CVE-2025-0740

Severity CVSS v4.0:
Pending analysis
Type:
CWE-284 Improper Access Control
Publication date:
30/01/2025
Last modified:
30/01/2025

Description

An Improper Access Control vulnerability has been found in EmbedAI<br /> <br /> 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the “CHAT_ID” of the endpoint "/embedai/chats/load_messages?chat_id=".