High severity8.1GHSA Advisory· Published Jun 9, 2025· Updated Apr 15, 2026
CVE-2025-49651
CVE-2025-49651
Description
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
backend.aiPyPI | <= 25.3.3 | — |
Affected products
1- Range: <= 25.3.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/advisories/GHSA-h889-475r-wfmmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-49651ghsaADVISORY
- github.com/lablup/backend.ai/pull/7587ghsaWEB
- hiddenlayer.com/sai_security_advisor/2025-05-backendai-49653ghsaWEB
- hiddenlayer.com/sai_security_advisor/2025-06-backendaighsaWEB
- hiddenlayer.com/sai_security_advisor/2025-06-backendai/nvd
News mentions
0No linked articles in our index yet.