CVE-2025-49652
Improper access control allows arbitrary account creation
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
09 Jun 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Lablup · BackendAI