CNNVD-202507-2898 Information

CNNVD ID

CNNVD-202507-2898

Related CVE

CVE-2025-51463

• CNNVD Published: 2025-07-22

Description (Chinese)

Aim是美国Aim开源的一个易于使用和高性能的开源实验跟踪器。 AIM 3.28.0版本存在路径遍历漏洞，该漏洞源于restore_run_backup存在路径遍历漏洞，可能导致写入任意文件到服务器文件系统。

Description (English)

Aim is an easy-to-use and high-performance open source experimental tracker for the Aim open source in the United States. AIM 3.28.0 has a loophole in the path, which stems from the path run backup, which can lead to the writing of any file into the server file system.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

Aim

Published

2025-07-22

Last Modified

2026-02-24

References

https://github.com/aimhubio/aim/pull/3327 https://www.gecko.security/blog/cve-2025-51463 https://access.redhat.com/security/cve/cve-2025-51463 https://nvd.nist.gov/vuln/detail/CVE-2025-51463

Patch

https://aimstack.io/