CVE-2025-49652 Information

Description

Missing Authentication in the registration feature of Lablup’s BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled.

Reference

https://hiddenlayer.com/sai_security_advisor/2025-05-backendai-49653/