CVE-2025-49653: BackendAI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

June 9, 2025 (updated June 11, 2025)

Exposure of sensitive data in active sessions in Lablup’s BackendAI allows attackers to retrieve credentials for users on the management platform.

References

github.com/advisories/GHSA-hxvr-gg2w-j48x
github.com/lablup/backend.ai
hiddenlayer.com/sai_security_advisor/2025-05-backendai-49653
hiddenlayer.com/sai_security_advisor/2025-06-backendai
nvd.nist.gov/vuln/detail/CVE-2025-49653

Code Behaviors & Features

Detect and mitigate CVE-2025-49653 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →