Cross-Site Request Forgery Vulnerability in AimHubio Tracking Server
CVE-2024-7760

7.4HIGH

Key Information:

Vendor: Aimhubio
Status: Aimhubio/aim
Vendor: CVE Published:; 20 March 2025

What is CVE-2024-7760?

AimHubio's Aim version 3.22.0 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability due to overly permissive CORS settings. This flaw allows for cross-origin requests from any source, enabling attackers to exploit all endpoints of the tracking server. The CSRF attacks could be leveraged in conjunction with other vulnerabilities, potentially facilitating remote code execution, denial of service, and arbitrary file read/write, thereby posing significant security challenges.

Affected Version(s)

aimhubio/aim <= unspecified

References

https://huntr.com/bounties/2038df5f-4829-4040-8573-67bf9b...

CVSS V3.0

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Aug 13, 2024

Aimhubio

What is CVE-2024-7760?

Affected Version(s)

References

CVSS V3.0

Timeline