Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.
AnalysisAI
A security vulnerability in the session. This vulnerability exists in all current (CVSS 8.1) that allows attackers. High severity vulnerability requiring prompt remediation.
Technical ContextAI
CWE-862 (Missing Authorization). CVSS 8.1 indicates high severity. Affects the session. This vulnerability exists in all current.
RemediationAI
Monitor vendor channels for patch availability.
Same weakness CWE-862 – Missing Authorization
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-17555
GHSA-h889-475r-wfmm