Home > Vulnerability Database > CVE-2025-49653

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2025-49653

Date: June 9, 2025

Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.

Severity Score

8.0

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-49653

Url: https://github.com/lablup/backend.ai

Url: https://hiddenlayer.com/sai_security_advisor/2025-06-backendai

Url: https://hiddenlayer.com/sai_security_advisor/2025-06-backendai/

Url: https://hiddenlayer.com/sai_security_advisor/2025-05-backendai-49653

Url: https://hiddenlayer.com/sai_security_advisor/2025-05-backendai-49653/

Url: https://www.mend.io/vulnerability-database/CVE-2025-49653

Severity Score

8.0

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	8.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Do you need more information?

Contact Us