CVE-2025-0189

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to cause a denial of service against aimhubio/aim tracking servers by sending oversized websocket messages containing large images. The tracking server becomes unresponsive while it processes these messages, so legitimate requests are blocked. Anyone running aim version 3.25.0 with the tracking server exposed is affected.

💻 Affected Systems

Products:
  • aimhubio/aim
Versions: 3.25.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with the tracking server component enabled and accessible.

📦 What is this software?

Aim is an open-source experiment tracker for machine learning. Its tracking server is the component that accepts metrics, parameters and artifacts (including images) logged by remote training jobs over a websocket connection; it is only that server component, not the local-only usage of aim, that this issue affects.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service outage: the tracking server becomes unresponsive, disrupting all monitoring and logging functionality for machine learning experiments.

🟠 Likely Case

Intermittent service degradation: legitimate users experience timeouts or slow responses while an attacker periodically sends large images.

🟢 If Mitigated

Minimal impact with proper rate limiting, input validation, and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires network access to the tracking server and ability to send websocket messages.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: a release later than 3.25.0 (the advisory does not name a specific fixed release; install the latest published version)

Vendor Advisory: https://huntr.com/bounties/e4c9bf41-72cf-4d04-baaf-8f12b5b7926e

Restart Required: Yes (a running tracking server keeps the old code loaded until it is restarted)

Instructions:

1. Update aim with pip: pip install --upgrade aim
2. Verify the installed version is greater than 3.25.0: aim version
3. Restart any running aim tracking servers so the updated code is loaded

🔧 Temporary Workarounds

Implement websocket message size limits (applies to: all platforms)

Configure the websocket server to reject messages that exceed a reasonable size threshold, before the payload is buffered in memory.

Network segmentation and access controls (applies to: all platforms)

Restrict network access to the aim tracking server to trusted sources only.

🧯 If You Can't Patch

  • Implement rate limiting on websocket connections
  • Deploy a reverse proxy with request size limits in front of the tracking server. Note that plain HTTP body-size limits (for example nginx's client_max_body_size) apply only to the Upgrade request, not to frames exchanged afterwards, so the limit has to be enforced by a component that actually parses websocket frames.
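The following is an added illustration of the "websocket message size limits" workaround, written for this page; it is not aim's code and does not reproduce how aim's tracking server reads messages. It parses only the RFC 6455 frame header, so an oversized frame (or a fragmented message whose total exceeds the limit) can be rejected before any payload is read into memory. The limits MAX_FRAME_BYTES and MAX_MESSAGE_BYTES, and the header builder used to construct sample frames, are assumptions for the example.

```python
import struct

# Assumed limits for this example; tune them to the largest image a
# legitimate client should ever log.
MAX_FRAME_BYTES = 1 * 1024 * 1024      # per frame
MAX_MESSAGE_BYTES = 4 * 1024 * 1024    # across all fragments of one message


class OversizedMessage(Exception):
    """Raised when a frame or message would exceed the configured limit."""


def parse_frame_header(data: bytes):
    """Parse an RFC 6455 frame header from the start of `data`.

    Returns (fin, opcode, masked, payload_len, header_len). Only the
    header is inspected, so no payload bytes need to be read to decide.
    """
    if len(data) < 2:
        raise ValueError("truncated frame header")
    b0, b1 = data[0], data[1]
    fin = bool(b0 & 0x80)
    opcode = b0 & 0x0F
    masked = bool(b1 & 0x80)
    length = b1 & 0x7F
    offset = 2
    if length == 126:
        if len(data) < 4:
            raise ValueError("truncated 16-bit length")
        (length,) = struct.unpack("!H", data[2:4])
        offset = 4
    elif length == 127:
        if len(data) < 10:
            raise ValueError("truncated 64-bit length")
        (length,) = struct.unpack("!Q", data[2:10])
        if length >> 63:
            raise ValueError("64-bit length with MSB set is invalid")
        offset = 10
    if opcode >= 0x8 and length > 125:
        raise ValueError("control frame payload exceeds 125 bytes")
    if masked:
        offset += 4  # 4-byte masking key follows the length
    return fin, opcode, masked, length, offset


class MessageSizeGuard:
    """Enforces per-frame and per-message limits on one connection."""

    def __init__(self, max_frame=MAX_FRAME_BYTES, max_message=MAX_MESSAGE_BYTES):
        self.max_frame = max_frame
        self.max_message = max_message
        self.pending = 0  # bytes of the current fragmented message seen so far

    def check_header(self, header: bytes) -> int:
        """Return the frame's payload length, or raise OversizedMessage."""
        fin, opcode, _masked, length, _hdr_len = parse_frame_header(header)
        if length > self.max_frame:
            raise OversizedMessage(f"frame of {length} bytes > {self.max_frame}")
        if opcode in (0x0, 0x1, 0x2):  # continuation, text, binary carry data
            self.pending += length
            if self.pending > self.max_message:
                raise OversizedMessage(f"message of {self.pending} bytes > {self.max_message}")
            if fin:
                self.pending = 0
        return length


def build_frame_header(payload_len, fin=True, opcode=0x2, masked=True) -> bytes:
    """Build a constructed client-to-server frame header (no payload) for testing."""
    b0 = (0x80 if fin else 0x00) | opcode
    mask_bit = 0x80 if masked else 0x00
    if payload_len < 126:
        hdr = bytes([b0, mask_bit | payload_len])
    elif payload_len < 1 << 16:
        hdr = bytes([b0, mask_bit | 126]) + struct.pack("!H", payload_len)
    else:
        hdr = bytes([b0, mask_bit | 127]) + struct.pack("!Q", payload_len)
    if masked:
        hdr += b"\x00\x00\x00\x00"  # masking key; its value is irrelevant here
    return hdr


def frame_allowed(header: bytes) -> bool:
    """True if a single frame with this header passes the per-frame limit."""
    try:
        MessageSizeGuard().check_header(header)
        return True
    except OversizedMessage:
        return False


def message_allowed(headers) -> bool:
    """Run one guard over the frames of a single (possibly fragmented) message."""
    guard = MessageSizeGuard()
    try:
        for h in headers:
            guard.check_header(h)
        return True
    except OversizedMessage:
        return False


if __name__ == "__main__":
    print("200 KiB frame allowed:", frame_allowed(build_frame_header(200 * 1024)))
    print("50 MiB frame allowed:", frame_allowed(build_frame_header(50 * 1024 * 1024)))
```

The per-message counter matters as much as the per-frame check: a client that is blocked from sending one 50 MiB frame can still split the same image into many small continuation frames, so the limit has to be enforced on the reassembled total.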

🔍 How to Verify

Check if Vulnerable:

Check the installed aim version: aim version | grep -F 3.25.0 (a match means the affected release is installed)

Check Version:

aim version

Verify Fix Applied:

Confirm that aim version reports a release greater than 3.25.0, and that the tracking server process was restarted after the upgrade.

📡 Detection & Monitoring

Log Indicators:

  • Unusually large websocket message sizes
  • Extended processing times for image tracking requests
  • Server timeout errors

Network Indicators:

  • Large websocket frames to aim tracking server port
  • Sudden increase in websocket traffic

SIEM Query (pseudo-query; adapt the source and field names to your log schema):

source="aim-server" AND (message_size>1000000 OR processing_time>10s)
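As an added example (not part of the original page and not aim's log format), the same rule applied outside a SIEM: the script below runs the two thresholds from the pseudo-query over constructed JSON log lines, skips malformed lines, and counts alerts per client so that a source sending repeated large images stands out. The field names (event, client, message_size, processing_time) are assumptions.

```python
import json
from collections import Counter

# Constructed sample log lines for this example; aim's real tracking-server
# log format is not reproduced here and the field names are assumptions.
SAMPLE_LOG = """\
{"ts":"2025-01-10T09:00:01Z","client":"10.0.0.5","event":"ws_message","message_size":2048,"processing_time":0.02}
{"ts":"2025-01-10T09:00:02Z","client":"10.0.0.9","event":"ws_message","message_size":52428800,"processing_time":14.2}
{"ts":"2025-01-10T09:00:03Z","client":"10.0.0.9","event":"ws_message","message_size":52428800,"processing_time":13.8}
{"ts":"2025-01-10T09:00:04Z","client":"10.0.0.5","event":"ws_message","message_size":4096,"processing_time":0.03}
{"ts":"2025-01-10T09:00:05Z","client":"10.0.0.7","event":"ws_message","message_size":512000,"processing_time":11.5}
this line is not JSON and must be skipped, not trusted
"""

SIZE_THRESHOLD = 1_000_000   # bytes, mirrors message_size>1000000
TIME_THRESHOLD = 10.0        # seconds, mirrors processing_time>10s


def parse_lines(text):
    """Yield parsed JSON records, silently skipping blank or malformed lines."""
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            yield json.loads(raw)
        except json.JSONDecodeError:
            continue


def find_suspicious(text, size_threshold=SIZE_THRESHOLD, time_threshold=TIME_THRESHOLD):
    """Return one alert per websocket-message record that trips either threshold."""
    alerts = []
    for rec in parse_lines(text):
        if rec.get("event") != "ws_message":
            continue
        reasons = []
        if rec.get("message_size", 0) > size_threshold:
            reasons.append("oversized_message")
        if rec.get("processing_time", 0.0) > time_threshold:
            reasons.append("slow_processing")
        if reasons:
            alerts.append({
                "ts": rec.get("ts"),
                "client": rec.get("client"),
                "message_size": rec.get("message_size"),
                "processing_time": rec.get("processing_time"),
                "reasons": reasons,
            })
    return alerts


def alerts_per_client(alerts):
    """Count alerts by client; repeat offenders are the rate-limiting candidates."""
    return Counter(a["client"] for a in alerts)


if __name__ == "__main__":
    found = find_suspicious(SAMPLE_LOG)
    for a in found:
        print(a["ts"], a["client"], ",".join(a["reasons"]))
    print(dict(alerts_per_client(found)))
```

A slow-processing hit without an oversized-message hit (the 10.0.0.7 line in the sample) is worth keeping as its own signal: it catches messages that are under the size threshold but still expensive to decode, which a size-only rule would miss.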
