High severity8.1GHSA Advisory· Published Jun 9, 2025· Updated Apr 15, 2026
CVE-2025-49651
CVE-2025-49651
Description
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
backend.aiPyPI | <= 25.3.3 | — |
Affected products
2- Range: <= 25.3.3
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-h889-475r-wfmmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-49651ghsaADVISORY
- github.com/lablup/backend.ai/pull/7587ghsaWEB
- hiddenlayer.com/sai_security_advisor/2025-05-backendai-49653ghsaWEB
- hiddenlayer.com/sai_security_advisor/2025-06-backendaighsaWEB
- hiddenlayer.com/sai_security_advisor/2025-06-backendai/nvd
News mentions
0No linked articles in our index yet.