What the vulnerability does
01Description
Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.
CVE-2025-49653
HIGH
CVE-2025-49653: Exposure of sensitive Information allows account takeover
CVSS base score
8.0/10
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Key dates
02Disclosure timeline
June 9, 2025
CVE published
June 11, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2021-21396 Bulk list client endpoint exposes too much metadata about a client
CVE-2025-10744 File Manager, Code editor, backup by Managefy <= 1.6.1 - Unauthenticated Information Exposure
CVE-2025-36759 Sensitive Information Disclosure in SolaX Cloud
CVE-2026-39943 Directus exposes sensitive fields in revision history
CVE-2024-0242 Unauthorized access to settings in Qolsys IQ Panel 4 and IQ4 Hub
