Vulnerability in Cvat-ai Cvat

CVE-2025-48381

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able to retrieve the IDs and names of all tas…

EPSS: 0.002 (44.6th percentile) — read the EPSS interpretation.

Affected products

Cvat-ai Cvat — versions >= 2.4.0, < 2.38.0

Weakness classification (CWE)

CWE-201 — Insertion of Sensitive Information into Sent Data

References

https://github.com/cvat-ai/cvat/security/advisories/GHSA-7484-2gfm-852p (x_refsource_CONFIRM)
https://github.com/cvat-ai/cvat/commit/7136c99fb2c3a5cb2d8c3ca54b4201b9fa6aab5a (x_refsource_MISC)