CVE-2025-49651 Information

Description

Missing Authorization in Lablup’s BackendAI allows attackers to takeover all active sessions; Accessing stealing or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.

Reference

https://hiddenlayer.com/sai_security_advisor/2025-05-backendai-49653/