Critical severity 9.8 · GHSA Advisory · Published Jun 9, 2025 · Updated Apr 15, 2026
CVE-2025-49652
Description
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| backend.ai (PyPI) | < 25.15.6 | 25.15.6 |
| backend.ai (PyPI) | >= 25.16.0rc1, < 25.19.0rc1 | 25.19.0rc1 |
Affected products
- Range: >= 25.16.0rc1, < 25.19.0rc1
References
- github.com/advisories/GHSA-ww28-4m4v-cq4j (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-49652 (ghsa, ADVISORY)
- github.com/lablup/backend.ai/commit/37fc8f70f9bad2dd01fe2e288f9006e96f9914ed (ghsa, WEB)
- github.com/lablup/backend.ai/commit/b6d3ddd9e285a7ce59722a37585b9298681eb82f (ghsa, WEB)
- github.com/lablup/backend.ai/commit/d7704f506e319acff205d91bfca6e2ca92939983 (ghsa, WEB)
- hiddenlayer.com/sai_security_advisor/2025-05-backendai-49653 (ghsa, WEB)
- hiddenlayer.com/sai_security_advisor/2025-06-backendai (ghsa, WEB)
- hiddenlayer.com/sai_security_advisor/2025-06-backendai/ (nvd)