VYPR
Critical severity9.8GHSA Advisory· Published Jun 9, 2025· Updated Apr 15, 2026

CVE-2025-49652

CVE-2025-49652

Description

Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
backend.aiPyPI
< 25.15.625.15.6
backend.aiPyPI
>= 25.16.0rc1, < 25.19.0rc125.19.0rc1

Affected products

2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.