Denial of Service Vulnerability in Aimhubio's Tracking Server
CVE-2025-0189

7.5 HIGH

Key Information:

Vendor

Aimhubio

CVE Published:
20 March 2025

What is CVE-2025-0189?

In version 3.25.0 of Aimhubio's tracking server, a vulnerability allows denial-of-service attacks because the maximum size for WebSocket messages is overridden. This flaw lets the server process excessively large images, which leaves it unresponsive to legitimate requests. Attackers can exploit this issue to stall the server and disrupt service availability.

Affected Version(s)

aimhubio/aim <= unspecified

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved