CVE-2025-10952
BaseFortify
Publication date: 2025-09-25
Last updated on: 2025-09-26
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| geyang | ml-logger | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a security flaw in the geyang ml-logger software, specifically in the stream_handler function of the ml_logger/server.py file. It allows an attacker to manipulate the argument 'key' remotely, which leads to information disclosure. This means sensitive information could be exposed to unauthorized parties.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information due to manipulation of the 'key' argument in the affected function. Since the attack can be initiated remotely and the exploit is publicly available, it increases the risk of data exposure without requiring authentication.