Embedai
CVE-2025-0742
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain files stored by others users by changing the "FILE_ID" of the endpoint "/embedai/files/show/<FILE_ID>".
AnalysisAI
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-284. An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain files stored by others users by changing the "FILE_ID" of the endpoint "/embedai/files/show/<FILE_ID>". Affected products include: Thesamur Embedai.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. Rated high severity (CVSS 8.6), this vulnerabilit
A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. Rated medium severity (CVSS 6.1)
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. Rated high severity (CVSS 7.5), this v
an Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. Rated high severity (CVSS 7.5), this v
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. Rated medium severity (CVSS 5.3), this
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. Rated medium severity (CVSS 5.8), this
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. Rated high severity (CVSS 8.6), this v
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. Rated high severity (CVSS 8.6), this v
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today