CVE-2025-0744
Published: 30 January 2025
Summary
CVE-2025-0744 is a high-severity Improper Access Control (CWE-284) vulnerability in Thesamur Embedai. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Account Manipulation (T1098). The vulnerability is ranked at the 22.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised as Enterprise AI Assistants, in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Enforces approved authorizations on endpoints such as the payment processing one, so that authenticated users cannot make unauthorized subscription changes.
- Validates POST request parameters at the application layer, rejecting tampered inputs that attempt to upgrade a subscription without payment.
- Limits authenticated users to the privileges matching their paid subscription tier, reducing the impact of an access control bypass on premium features.
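The controls above come down to one server-side rule: the subscription tier a user ends up with must be derived from state the server trusts (a catalogue of plans and a confirmed payment record), never from fields the client posts. The following is an added, hypothetical Python example written for this page; it is not EmbedAI's code, and the plan names, prices, `Payment`/`User` records and the `change_plan_*` function names are all assumptions. It places a handler that trusts the posted plan (the vulnerable pattern the advisory describes) beside a hardened one that validates the parameter against the catalogue (SI-10) and grants a paid tier only against a confirmed payment bound to the authenticated user, the requested plan and the full price (AC-3).

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Server-side plan catalogue (constructed values): prices are looked up here,
# never read from the request.
PLAN_PRICES: Dict[str, int] = {"free": 0, "basic": 10, "premium": 30}


@dataclass
class Payment:
    """A payment the server-side payment workflow has recorded (assumed shape)."""
    user_id: str
    plan: str
    amount: int
    confirmed: bool


@dataclass
class User:
    user_id: str
    plan: str = "free"


class PlanChangeError(Exception):
    """Raised when a plan change is not authorised."""


def change_plan_unsafe(user: User, form: Dict[str, str]) -> str:
    """Vulnerable pattern: whatever plan the authenticated client posts is
    applied, so a tampered form field changes the tier without any payment."""
    user.plan = form["plan"]
    return user.plan


def find_confirmed_payment(payments: List[Payment], user_id: str,
                           plan: str, price: int) -> Optional[Payment]:
    """Return a confirmed payment bound to this user, this plan and the full
    catalogue price, or None if no such record exists."""
    for p in payments:
        if (p.user_id == user_id and p.plan == plan
                and p.confirmed and p.amount >= price):
            return p
    return None


def change_plan_hardened(user: User, form: Dict[str, str],
                         payments: List[Payment]) -> str:
    """Hardened handler: the request only names the plan; authorisation
    comes from server-side state."""
    # SI-10: reject any plan value that is not in the server-side catalogue.
    requested = form.get("plan")
    if requested not in PLAN_PRICES:
        raise PlanChangeError("unknown plan")
    # Price comes from the catalogue; any client-supplied amount is ignored.
    price = PLAN_PRICES[requested]
    # AC-3: a paid tier is granted only against a confirmed payment that is
    # bound to the authenticated user, the requested plan and the full price.
    if price > 0 and find_confirmed_payment(payments, user.user_id,
                                            requested, price) is None:
        raise PlanChangeError("no confirmed payment for requested plan")
    user.plan = requested
    return user.plan


def attempt_change(user: User, form: Dict[str, str],
                   payments: List[Payment]) -> str:
    """Convenience wrapper: the resulting plan, or 'rejected' on denial."""
    try:
        return change_plan_hardened(user, form, payments)
    except PlanChangeError:
        return "rejected"


if __name__ == "__main__":
    ledger = [Payment("alice", "basic", 10, True)]  # constructed ledger
    alice = User("alice")
    # Tampered request: asks for premium and claims an amount of 0.
    print(attempt_change(alice, {"plan": "premium", "amount": "0"}, ledger))  # rejected
    print(attempt_change(alice, {"plan": "basic"}, ledger))  # basic
    print(change_plan_unsafe(User("bob"), {"plan": "premium"}))  # premium
```

The point of binding the payment record to `user.user_id` as well as to the plan and price is that a confirmed payment for someone else, for a cheaper plan, or for a smaller amount must not authorise the change; a downgrade to the free tier needs no payment, which is why the price check is skipped only when the catalogue price is 0.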
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Improper access control enables unauthorized subscription plan changes (Account Manipulation, T1098) through exploitation of the public-facing web application endpoint (Exploit Public-Facing Application, T1190).
NVD Description
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to change his subscription plan without paying by making a POST request changing the parameters of the "/demos/embedai/pmt_cash_on_delivery/pay" endpoint.
Deeper analysis
CVE-2025-0744 is an Improper Access Control vulnerability (CWE-284) in EmbedAI versions 2.1 and below. The issue allows an authenticated attacker to change their subscription plan without paying by sending a POST request with modified parameters to the "/demos/embedai/pmt_cash_on_delivery/pay" endpoint. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), indicating high integrity impact with no confidentiality or availability effects.
An authenticated attacker can exploit this vulnerability remotely over the network with low complexity. By crafting and submitting a POST request to the specified endpoint with altered parameters, the attacker can upgrade their subscription tier without completing payment, gaining unauthorized access to premium features.
Mitigation details are available in the INCIBE-CERT advisory at https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-embedai, which covers this and other vulnerabilities in EmbedAI.
Details
- CWE(s): CWE-284 (Improper Access Control)
- Affected Products: Thesamur EmbedAI, versions 2.1 and below
AI Security Analysis
- AI Category: Enterprise AI Assistants
- Risk Domain: Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: EmbedAI is a tool for creating chatbots, which qualifies as an enterprise AI assistant platform. The vulnerability is an improper access control in its payment endpoint, but the software is AI-related because its chatbot functionality involves AI/LLM integrations.