CVE-2025-0190
📋 TL;DR
This CVE describes a denial of service vulnerability in aimhubio/aim version 3.25.0 where an attacker can make the web server unresponsive by tracking numerous Text objects and querying them simultaneously via the web API. Organizations running vulnerable Aim instances with exposed web interfaces are affected.
💻 Affected Systems
- aimhubio/aim
📦 What is this software?
Aim by Aimstack
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability for extended periods, potentially disrupting critical workflows that depend on the Aim server.
Likely Case
Temporary service degradation affecting all users until the malicious requests complete processing.
If Mitigated
Minimal impact with proper rate limiting, request filtering, and network segmentation in place.
🎯 Exploit Status
Exploitation requires ability to track Text objects first, then query them. The vulnerability is documented in the huntr.com bounty report.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 3.25.1 or later
Vendor Advisory: https://huntr.com/bounties/38d151f1-abb4-443a-86b0-6c26f0c6cb70
Restart Required: No
Instructions:
1. Update Aim to version 3.25.1 or later using pip: 'pip install --upgrade aim==3.25.1'
2. Verify the update completed successfully
3. No restart required as this is a Python package update
🔧 Temporary Workarounds
Implement rate limiting
Configure the web server or reverse proxy to limit simultaneous requests per client
# Example nginx rate limiting (the zone is declared in the http context): limit_req_zone $binary_remote_addr zone=aimlimit:10m rate=10r/s;
# Then apply it inside the location block that proxies to Aim: limit_req zone=aimlimit burst=20 nodelay;
Restrict API access
Limit web API access to trusted networks or implement authentication
# Example firewall rule (replace [AIM_PORT] and [TRUSTED_NETWORK] with your values; the ACCEPT rule must precede the DROP rule): iptables -A INPUT -p tcp --dport [AIM_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
# Then: iptables -A INPUT -p tcp --dport [AIM_PORT] -j DROP
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Aim servers from untrusted networks
- Deploy a WAF or reverse proxy with DoS protection and request filtering capabilities
🔍 How to Verify
Check if Vulnerable:
Check Aim version: 'pip show aim' or 'aim --version'. If version is exactly 3.25.0, the system is vulnerable.
Check Version:
pip show aim | grep Version
Verify Fix Applied:
After updating, verify version is 3.25.1 or later: 'pip show aim | grep Version' should show 3.25.1+
📡 Detection & Monitoring
Log Indicators:
- Unusually high number of simultaneous API requests
- Extended processing times for /api/runs/ endpoints
- Server becoming unresponsive to other requests
Network Indicators:
- Spike in HTTP requests to Aim web API endpoints
- Multiple clients making simultaneous queries for Text objects
SIEM Query (pseudo-syntax; adapt field names to your platform and set 'threshold' to a request rate that is abnormal for your deployment):
source="aim.log" AND ("processing" AND "extended" OR "unresponsive") OR (http_uri="/api/runs/*" AND count() > threshold)
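The log and network indicators above can be checked offline against reverse-proxy access logs. The following Python script is an added example, not part of this advisory or of the Aim project: it parses a handful of constructed nginx "combined" log lines (assumed to have $request_time appended as a final field and to be in time order), flags any client that exceeds a per-second request count against the /api/runs/ prefix named above, and separately lists API requests whose processing time is abnormally long. The sub-paths under /api/runs/ and the client addresses are constructed sample values.

```python
"""Flag bursty or slow /api/runs/ requests in proxy access logs (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log: nginx "combined" format with $request_time appended.
# Client 10.0.0.5 fires twelve slow Text queries in the same second; the
# other clients show normal behaviour. The sub-paths are invented for the sample.
SAMPLE_LOG = "\n".join(
    [
        f'10.0.0.5 - - [12/Mar/2025:10:00:00 +0000] '
        f'"GET /api/runs/search/texts?q={i} HTTP/1.1" 200 8192 3.{i:02d}0'
        for i in range(12)
    ]
    + [
        '10.0.0.9 - - [12/Mar/2025:10:00:00 +0000] "GET /api/runs/search/run HTTP/1.1" 200 512 0.050',
        '10.0.0.9 - - [12/Mar/2025:10:00:05 +0000] "GET /api/runs/search/run HTTP/1.1" 200 512 0.040',
        '10.0.0.7 - - [12/Mar/2025:10:00:07 +0000] "GET /static/app.js HTTP/1.1" 200 20480 0.010',
    ]
)

# Combined format: ip ident user [timestamp] "METHOD path proto" status bytes request_time
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) (?P<rt>[\d.]+)$'
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["rt"] = float(rec["rt"])
    return rec


def find_bursts(log_text, window_seconds=1.0, threshold=10, path_prefix="/api/runs/"):
    """Return {client_ip: peak requests per window} for clients above threshold.

    Uses a sliding window per client, so it relies on the log being time-ordered.
    """
    recent = defaultdict(deque)  # client -> timestamps inside the current window
    peak = defaultdict(int)      # client -> largest window count seen
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(path_prefix):
            continue
        window = recent[rec["ip"]]
        window.append(rec["ts"])
        # Drop timestamps that fell out of the window.
        while (rec["ts"] - window[0]).total_seconds() > window_seconds:
            window.popleft()
        peak[rec["ip"]] = max(peak[rec["ip"]], len(window))
    return {ip: n for ip, n in peak.items() if n > threshold}


def find_slow_requests(log_text, min_seconds=2.0, path_prefix="/api/runs/"):
    """Return (client_ip, path, request_time) for API requests slower than min_seconds."""
    slow = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["path"].startswith(path_prefix) and rec["rt"] >= min_seconds:
            slow.append((rec["ip"], rec["path"], rec["rt"]))
    return slow


if __name__ == "__main__":
    for ip, count in find_bursts(SAMPLE_LOG).items():
        print(f"burst: {ip} made {count} /api/runs/ requests within one second")
    for ip, path, rt in find_slow_requests(SAMPLE_LOG):
        print(f"slow:  {ip} {path} took {rt:.3f}s")
```

Run it against a real proxy log by reading the file into the `log_text` argument instead of `SAMPLE_LOG`; tune `threshold` and `min_seconds` to what your deployment normally produces, since the right values depend on how many runs and Text objects your users legitimately query.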