Low severityNVD Advisory· Published May 29, 2025· Updated Jun 1, 2025

aimhubio aim run_view Object query.py RestrictedPythonQuery privilege escalation

CVE-2025-5321

Description

A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument Abfrage leads to erweiterte Rechte. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
aimPyPI	<= 3.29.1	—

Affected products

Aimhubio/Aimv5
Range: 3.29.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/superboy-zjc/1fc4747a0ac77a1edc8c32e1d4edc54cghsaexploitWEB
github.com/advisories/GHSA-gp5h-f9c5-8355ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-5321ghsaADVISORY
vuldb.comghsathird-party-advisoryWEB
vuldb.comghsasignaturepermissions-requiredWEB
vuldb.comghsavdb-entrytechnical-descriptionWEB

News mentions

No linked articles in our index yet.

cvss	0.065
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000