
CVE-2025-0189:
Aim Uncontrolled Resource Consumption vulnerability

CVSS Score (v3.0): 7.5

Basic Information

EPSS Score: 0.18792%
Published: 3/20/2025
Updated: 3/22/2025
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
aim          | pip       |                     |

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability description explicitly states that the server overrides the maximum websocket message size limit. This strongly suggests that the websocket handler's initialization function (commonly named __init__ or similar) contains the vulnerable configuration. A missing size restriction would be implemented at the websocket handler level, making this the most logical location. While the exact code isn't available, the pattern matches common websocket implementations, where a max_size parameter controls the message limit.
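The following is an added illustration, not Aim's code: it shows why a websocket message size cap can be enforced cheaply, since the payload length is announced in the RFC 6455 frame header and an oversized frame can be refused before anything is buffered. The max_size=None convention (no limit) models the unbounded configuration described above; DEFAULT_MAX_SIZE and the sample headers are assumptions constructed for the example.

```python
"""Added example, not Aim's code: enforce a websocket message size cap from the
RFC 6455 frame header so an oversized frame is refused before its payload is
buffered. The max_size=None convention (no limit) models the unbounded
configuration the root cause analysis describes; DEFAULT_MAX_SIZE is assumed."""
import struct
from typing import Optional, Tuple

DEFAULT_MAX_SIZE = 1 << 20  # 1 MiB cap, an assumed value for illustration


def frame_payload_length(header: bytes) -> Tuple[int, int]:
    """Return (payload_length, header_length) for an RFC 6455 frame header.
    header_length includes the 4-byte masking key when the MASK bit is set."""
    if len(header) < 2:
        raise ValueError("need at least 2 header bytes")
    masked = header[1] & 0x80
    length = header[1] & 0x7F
    offset = 2
    if length == 126:  # 16-bit extended length follows
        if len(header) < 4:
            raise ValueError("truncated 16-bit length")
        length = struct.unpack("!H", header[2:4])[0]
        offset = 4
    elif length == 127:  # 64-bit extended length follows
        if len(header) < 10:
            raise ValueError("truncated 64-bit length")
        length = struct.unpack("!Q", header[2:10])[0]
        if length >> 63:
            raise ValueError("most significant bit of 64-bit length must be 0")
        offset = 10
    if masked:
        offset += 4
    return length, offset


def accept_frame(header: bytes, max_size: Optional[int] = DEFAULT_MAX_SIZE) -> bool:
    """Decide from the header alone whether the frame may be read.
    With max_size=None every length is accepted, which is the weak setting:
    a client can then make the server buffer arbitrarily large messages."""
    length, _ = frame_payload_length(header)
    return max_size is None or length <= max_size


# Constructed sample headers: unmasked final text frames (0x81 = FIN + opcode 1)
SMALL = bytes([0x81, 0x05])                               # 5-byte payload
MEDIUM = bytes([0x81, 0x7E]) + struct.pack("!H", 60000)   # 60000-byte payload
HUGE = bytes([0x81, 0x7F]) + struct.pack("!Q", 1 << 40)   # 1 TiB payload
```

Detection follows the same idea: a server that accepts HUGE-style frames under max_size=None is the configuration to look for when auditing a websocket endpoint.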


Vulnerability Description

In version *.**.* of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive.