High severity8.0GHSA Advisory· Published Jun 9, 2025· Updated Apr 15, 2026
CVE-2025-49653
CVE-2025-49653
Description
Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
backend.aiPyPI | <= 25.3.3 | — |
Affected products
2- Range: <= 25.3.3
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-hxvr-gg2w-j48xghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-49653ghsaADVISORY
- github.com/lablup/backend.ai/pull/7587ghsaWEB
- hiddenlayer.com/sai_security_advisor/2025-05-backendai-49653ghsaWEB
- hiddenlayer.com/sai_security_advisor/2025-06-backendaighsaWEB
- hiddenlayer.com/sai_security_advisor/2025-06-backendai/nvd
News mentions
0No linked articles in our index yet.