CVE-2025-48381 — MEDIUM (4.3)

Q: How severe is CVE-2025-48381?

CVE-2025-48381 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-48381?

Check the references section above for vendor advisories and patch information. Affected products include: Cvat Computer Vision Annotation Tool.

Vulnerability Description

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able to retrieve the IDs and names of all tasks, projects, labels, and the IDs of all jobs and quality reports on the CVAT instance. In addition, if the instance contains many resources of a particular type, retrieving this information may tie up system resources, denying access to legitimate users. This issue has been patched in version 2.38.0.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Cvat	Computer Vision Annotation Tool	>= 2.4.0, < 2.38.0

Related Weaknesses (CWE)

CWE-201

References

FAQ

What is CVE-2025-48381?

CVE-2025-48381 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able t...

How severe is CVE-2025-48381?

CVE-2025-48381 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-48381?

Check the references section above for vendor advisories and patch information. Affected products include: Cvat Computer Vision Annotation Tool.