CVE-2025-0740
Severity CVSS v4.0:
Pending analysis
Type:
CWE-284
Improper Access Control
Publication date:
30/01/2025
Last modified:
30/01/2025
Description
An Improper Access Control vulnerability has been found in EmbedAI<br />
<br />
2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the “CHAT_ID” of the endpoint "/embedai/chats/load_messages?chat_id=".
Impact
Base Score 3.x
8.60
Severity 3.x
HIGH