VYPR
Moderate severity · NVD Advisory · Published Jul 22, 2025 · Updated Jul 22, 2025

CVE-2025-51464

Description

Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims' browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is viewed. No sanitisation or sandbox restrictions prevent JavaScript execution via pyodide.code.run_js().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A stored XSS in Aim 3.28.0 lets attackers execute arbitrary JavaScript via Python code in /api/reports, using Pyodide's unrestricted JS bridge.

Vulnerability

Description

CVE-2025-51464 is a stored cross-site scripting (XSS) vulnerability in aimhubio Aim version 3.28.0, an open-source ML experiment tracker [1]. The flaw exists in the "/api/reports" endpoint, which accepts user-supplied Python code in the code field of POST requests. This code is stored in the database without sanitization and later embedded into a React component when a report is viewed. The markdown renderer interprets code blocks with the "aim" language tag and passes them to the Board component for execution via Pyodide [3].

Exploitation

An attacker can submit a malicious report containing Python code that calls pyodide.code.run_js() to execute arbitrary JavaScript in the victim's browser. Since there are no restrictions on the JavaScript bridge, an attacker can break out of the intended Python sandbox [3]. The attack requires no authentication beyond regular access to the API, and the malicious payload is executed automatically when any user views the affected report [2]. A proof-of-concept demonstrates using fetch() to exfiltrate data from the application's API to an attacker-controlled server [3].

Impact

Successful exploitation allows remote attackers to execute arbitrary JavaScript in the context of the Aim application. This can lead to session hijacking, data theft (including other reports), and further malicious actions within the victim's browser session [2]. The vulnerability is classified as stored XSS because the payload persists in the database and impacts all viewers of the crafted report.

Mitigation

The issue has been addressed in a pull request (PR #3333) on the aimhubio/aim repository [4]. Users should update Aim to a patched version that restricts Pyodide's JavaScript bridge (e.g., by removing or sandboxing run_js) and sanitizes user-supplied code in reports. No official advisory with a new release version has been published as of the CVE publication date [1][4].
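As an added defensive example (not code from the Aim project or from this advisory): a static audit that pulls the aim-tagged fenced blocks out of a stored report body and flags any import of Pyodide's js or pyodide modules or any run_js() call, so an operator can triage existing report content before a patched release is deployed. The fence and language-tag convention follows the description above; treating the js module as a second bridge is taken from Pyodide's documented API, not from this page, and the sample report is constructed.

```python
import ast
import re

TICKS = "`" * 3  # spelled out so the sample report's fences cannot close this block
# The advisory names pyodide.code.run_js(); the js module is Pyodide's other documented bridge.
JS_BRIDGE_MODULES = {"js", "pyodide"}
JS_BRIDGE_CALLS = {"run_js"}
# Only aim-tagged fenced blocks are handed to Pyodide by the Board component.
AIM_FENCE = re.compile(re.escape(TICKS) + r"aim[ \t]*\n(.*?)\n" + re.escape(TICKS), re.DOTALL)


def aim_code_blocks(report_markdown: str) -> list[str]:
    """Return the Python source of every aim-tagged fenced block in a report body."""
    return AIM_FENCE.findall(report_markdown)


def js_bridge_findings(python_src: str) -> list[str]:
    """Flag js/pyodide imports and run_js() calls as 'line:reason'; [] means none found."""
    try:
        tree = ast.parse(python_src)
    except SyntaxError as exc:  # report rather than silently skip unparseable code
        return [f"{exc.lineno}:syntax error (could not audit)"]
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in JS_BRIDGE_MODULES:
                    findings.append(f"{node.lineno}:import {alias.name}")
        elif isinstance(node, ast.ImportFrom):
            if node.module and node.module.split(".")[0] in JS_BRIDGE_MODULES:
                findings.append(f"{node.lineno}:from {node.module} import ...")
        elif isinstance(node, ast.Call):
            func = node.func
            name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
            if name in JS_BRIDGE_CALLS:
                findings.append(f"{node.lineno}:call {name}()")
    return findings


def audit_report(report_markdown: str) -> list[str]:
    """Audit every aim block of one stored report; [] means the report is clean."""
    results = []
    for i, src in enumerate(aim_code_blocks(report_markdown)):
        results.extend(f"block{i}:{f}" for f in js_bridge_findings(src))
    return results


# Constructed sample (not a real Aim report): a benign block, then one reaching the JS bridge.
SAMPLE_REPORT = (
    "# Weekly run\n"
    f"{TICKS}aim\nimport math\nprint(math.sqrt(2))\n{TICKS}\n"
    f"{TICKS}aim\nimport pyodide.code\npyodide.code.run_js('1 + 1')\n{TICKS}\n"
)
```

Run audit_report over each stored report body; a non-empty result identifies the report and block to review or quarantine.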

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: aim (PyPI)
Affected versions: <= 3.30.0.dev20250611
Patched versions: none listed

Affected products

  • aimhubio/Aim (description)
  • AOL/Aim (llm-fuzzy), range: = 3.28.0
