CVE-2025-49652

Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...

BackendAI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform. NOTE: The maintainers of BackendAI do not consider this report to fit with their threat model and advise users to follow security advice from...

CVE-2025-49653

Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform...

CVE-2025-49653 Exposure of sensitive Information allows account takeover

Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform...

CVE-2025-49653

CVE-2025-49653 concerns Lablup’s BackendAI. The vulnerability arises from exposure of sensitive data in active sessions, enabling an attacker to retrieve credentials for users on the management platform. The affected software is BackendAI (backend.ai) and specifically involves credentials exposur...

CVE-2025-49652 Improper access control allows arbitrary account creation

Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...

CVE-2025-49651 Missing Authorization for Interactive Sessions

Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI...

Lablup BackendAI 安全漏洞

Lablup BackendAI is a machine learning platform from Lablup Korea. A security vulnerability exists in Lablup BackendAI that stems from the exposure of sensitive data in active sessions, which could lead to an attacker gaining access to management platform user credentials...

Lablup BackendAI 访问控制错误漏洞

Lablup BackendAI is a machine learning platform from South Korean company Lablup. Lablup BackendAI suffers from an access control error vulnerability that stems from a lack of authentication in the registration function, which could allow an arbitrary user to create an account and access private...

PT-2025-24547 · Lablup · Lablup'S Backendai

Name of the Vulnerable Software and Affected Versions: Lablup's BackendAI affected versions not specified Description: The issue concerns a missing authentication mechanism in the registration feature, allowing arbitrary users to create accounts that can access private data, even when registratio...

Lablup BackendAI 安全漏洞

Lablup BackendAI is a machine learning platform from Lablup Korea. A security vulnerability exists in Lablup BackendAI that stems from a lack of authorization and could lead to session hijacking and data leakage...

PT-2025-24548 · Lablup · Lablup'S Backendai

Name of the Vulnerable Software and Affected Versions: Lablup's BackendAI affected versions not specified Description: The issue allows attackers to expose sensitive data in active sessions, enabling them to retrieve credentials for users on the management platform. Recommendations: At the moment...