← Voltar para CVEs
CVE-2025-48381
MEDIUM4.3
Descricao
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able to retrieve the IDs and names of all tasks, projects, labels, and the IDs of all jobs and quality reports on the CVAT instance. In addition, if the instance contains many resources of a particular type, retrieving this information may tie up system resources, denying access to legitimate users. This issue has been patched in version 2.38.0.
Detalhes CVE
Pontuacao CVSS v3.14.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado5/30/2025
Ultima modificacao10/15/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
cvat:computer_vision_annotation_tool
Fraquezas (CWE)
CWE-201
Referencias
https://github.com/cvat-ai/cvat/commit/7136c99fb2c3a5cb2d8c3ca54b4201b9fa6aab5a(security-advisories@github.com)
https://github.com/cvat-ai/cvat/security/advisories/GHSA-7484-2gfm-852p(security-advisories@github.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.