CVE-2025-2129

MEDIUM NUCLEI

Mage AI <0.9.75 - Info Disclosure

Title source: llm

Description

A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. After 7 months of repeated follow-ups by the researcher, Mage AI has decided to not accept this issue as a valid security vulnerability and has confirmed that they will not be addressing it.

Nuclei Templates (1)

Mage AI - Insecure Default Authentication Setup
MEDIUMVERIFIEDby zn9988,H0j3n
Shodan: html:"<title>Mage</title>"

References (4)

Scores

CVSS v3 5.6
EPSS 0.0961
EPSS Percentile 92.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-1188
Status published
Products (1)
n/a/Mage AI 0.9.75
Published Mar 09, 2025
Tracked Since Feb 18, 2026