CVE-2025-48491

May 30, 2025, 4:31 p.m.

2.7
Low

Description

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version.

Product(s) Impacted

Vendor Product Versions
Project-ai
  • Project Ai
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a project-ai project_ai / / / / / / / /

References

https://github.com/aryan6673/project-ai/commit/142252c43f1dacb3fed99e3336f5cd863b028bc2
https://github.com/aryan6673/project-ai/commit/1de910f353eb2a68c980149b906e7495459296ad
https://github.com/aryan6673/project-ai/commit/54a69c3ccd301d35f3d54f4844d9910e609beb73
https://github.com/aryan6673/project-ai/commit/7f3b93f9aa9085d5413b4019172b0e56676346d7
https://github.com/aryan6673/project-ai/commit/8db90e3d9777850741804533ebde5824b4a5795c
https://github.com/aryan6673/project-ai/commit/99e0e0718edb0e59c5d3c5a69903b87c69fcfe7a
https://github.com/aryan6673/project-ai/commit/ab67979a46b0e343dc20a95a2b65d3c4994c31e7
https://github.com/aryan6673/project-ai/commit/c1fb156418d98a1e6c60bb680db57e9558785093
https://github.com/aryan6673/project-ai/security/advisories/GHSA-8486-vrcp-69rv

Tags

security-advisories@github.com
CWE-798
2025-05-30
CVE-2025-48491

CVSS Score

2.7 / 10

CVSS Data - 4.0

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: LOW
  • Exploit Maturity: UNREPORTED

    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: May 30, 2025, 4:15 a.m.
Last Modified: May 30, 2025, 4:31 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.