What is CVE-2025-54573?

CVE-2025-54573 is a medium-severity vulnerability in Cvat-ai Cvat, classified under Improper Authentication. CVSS score: 4.3/10. Published 2025-07-30.

How severe is CVE-2025-54573?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Auth bypass in Cvat-ai Cvat

CVE-2025-54573

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts us…

Vulnerability class: Broken Authentication

EPSS: 0.002 (35.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L.

Affected products

Cvat-ai Cvat — versions >= 1.1.0, < 2.42.0

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

https://github.com/cvat-ai/cvat/security/advisories/GHSA-fxgh-m76j-242q (x_refsource_CONFIRM)
https://github.com/cvat-ai/cvat/commit/bc20eff16b8406fbb755f6540e6f269da0c9c5b2 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-54573?: CVE-2025-54573 is a medium-severity vulnerability in Cvat-ai Cvat, classified under Improper Authentication. CVSS score: 4.3/10. Published 2025-07-30.
How severe is CVE-2025-54573?: Medium severity. CVSS v3 base score is 4.3 out of 10.