Denial of Service Vulnerability in Aimhubio's Tracking Server
CVE-2025-0189

7.5 HIGH

Key Information:

Vendor: Aimhubio
CVE Published: 20 March 2025

Summary

In version 3.25.0 of Aimhubio's tracking server, the maximum size for WebSocket messages is overridden, which allows denial of service attacks. Because of the override, the server will process excessively large images and becomes unresponsive to legitimate requests. Attackers can exploit this issue to cause the server to stall, disrupting service availability.

Affected Version(s)

aimhubio/aim <= unspecified

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

CVSS V3.0

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
