Cyber Posture

CVE-2025-0740

High

Published: 30 January 2025

Modified: 10 October 2025
CVSS Score: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
EPSS Score: 0.0011 (28.5th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0740 is a high-severity Improper Access Control (CWE-284) vulnerability in Thesamur Embedai. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Messaging Applications (T1213.005); ranked at the 28.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related: it is categorised under Enterprise AI Assistants, in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AU-13 (Monitoring for Information Disclosure).

Threat & Defense at a Glance

What attackers do: exploitation maps to Messaging Applications (T1213.005) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Enforces approved authorizations on the load_messages endpoint to validate CHAT_ID ownership and prevent unauthorized access to other users' chat messages.

prevent: Validates the CHAT_ID input parameter against the authenticated user's account to block requests for unauthorized chat messages.

detect: Monitors for unauthorized disclosures of chat messages through anomalous CHAT_ID access patterns in endpoint requests.

MITRE ATT&CK Enterprise Techniques

T1213.005 Messaging Applications (Collection)
Adversaries may leverage chat and messaging applications, such as Microsoft Teams, Google Chat, and Slack, to mine valuable information.
T1552.008 Chat Messages (Credential Access)
Adversaries may directly collect unsecured credentials stored or passed through user communication services.
Why these techniques?

The improper access control (IDOR) in the chat messages endpoint enables authenticated attackers to collect data from other users' messaging/chat sessions (T1213.005) and access potentially unsecured credentials stored in chat messages (T1552.008).

NVD Description

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the “CHAT_ID” of the endpoint "/embedai/chats/load_messages?chat_id=<CHAT_ID>".

Deeper analysis

CVE-2025-0740, published on 2025-01-30, is an Improper Access Control vulnerability (CWE-284) in EmbedAI versions 2.1 and below. The flaw affects the endpoint "/embedai/chats/load_messages?chat_id=<CHAT_ID>", where inadequate controls on the CHAT_ID parameter enable unauthorized access to sensitive data. It carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N), indicating high severity due to network accessibility, low attack complexity, no required privileges or user interaction, and a high confidentiality impact with changed scope.

An authenticated attacker can exploit this vulnerability by simply modifying the CHAT_ID parameter in requests to the affected endpoint, allowing them to retrieve chat messages belonging to other users. This results in unauthorized exposure of potentially sensitive conversation data across user accounts.
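An added example (not EmbedAI's code; the data model, handler names, log format and alert threshold are assumed) showing the CHAT_ID ownership check that the AC-3 control above describes beside the unchecked handler, plus an AU-13 style detector that flags a user denied across several distinct chat_ids:

```python
from collections import defaultdict
# Constructed sample store (not EmbedAI's schema): chat_id -> (owner, messages).
CHATS = {
    101: ("alice", ["hi", "see attached report"]),
    102: ("bob", ["hello"]),
}

class Forbidden(Exception):
    """Raised when the requesting user may not read the requested chat."""

def load_messages_vulnerable(user, chat_id):
    # Before (CWE-284 / IDOR): chat_id is trusted as-is, so any authenticated
    # user who changes the id receives another user's messages.
    return CHATS[chat_id][1]

def load_messages_fixed(user, chat_id):
    # After (AC-3 Access Enforcement): the row is resolved by (chat_id, owner).
    # Missing and not-owned chats fail the same way, so the response does not
    # confirm which ids exist.
    entry = CHATS.get(chat_id)
    if entry is None or entry[0] != user:
        raise Forbidden("chat not found or not owned by requester")
    return entry[1]

def try_load(handler, user, chat_id):
    """Return ("ok", messages) or ("denied", None) for a handler call."""
    try:
        return ("ok", handler(user, chat_id))
    except (Forbidden, KeyError):
        return ("denied", None)

# AU-13 style detection over constructed access-log lines of the form
# "user=<name> chat_id=<id> status=<http status>".
SAMPLE_LOG = [
    "user=mallory chat_id=101 status=403",
    "user=mallory chat_id=102 status=403",
    "user=mallory chat_id=103 status=403",
    "user=bob chat_id=102 status=200",
    "user=bob chat_id=101 status=403",
]

def flag_chat_id_probing(log_lines, threshold=3):
    """Users denied on at least `threshold` distinct chat_ids (assumed threshold)."""
    denied = defaultdict(set)
    for line in log_lines:
        fields = dict(part.split("=", 1) for part in line.split())
        if fields.get("status") == "403":
            denied[fields["user"]].add(fields["chat_id"])
    return sorted(u for u, ids in denied.items() if len(ids) >= threshold)
```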

The INCIBE-CERT advisory at https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-embedai provides further details on this and related vulnerabilities in EmbedAI, including mitigation recommendations.

Details

CWE(s): CWE-284 (Improper Access Control)
Affected Products

thesamur embedai ≤ 2.1

AI Security Analysis

AI Category: Enterprise AI Assistants
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: EmbedAI is a tool for creating chatbots, which aligns with Enterprise AI Assistants as it involves deploying AI-powered conversational interfaces.

CVEs Like This One

CVE-2025-0744 (same product: Thesamur Embedai)
CVE-2025-0745 (same product: Thesamur Embedai)
CVE-2025-0739 (same product: Thesamur Embedai)
CVE-2025-0747 (same product: Thesamur Embedai)
CVE-2024-36259 (shared CWE-284)
CVE-2025-25950 (shared CWE-284)
CVE-2026-5786 (shared CWE-284)
CVE-2026-32768 (shared CWE-284)
CVE-2026-33109 (shared CWE-284)
CVE-2023-29164 (shared CWE-284)

References