
CVE-2025-48381: CWE-201: Insertion of Sensitive Information Into Sent Data in cvat-ai cvat

Severity: Medium
Tags: Vulnerability, CVE-2025-48381, CWE-201
Published: Fri May 30 2025 (05/30/2025, 03:38:24 UTC)
Source: CVE Database V5
Vendor/Project: cvat-ai
Product: cvat

Description

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able to retrieve the IDs and names of all tasks, projects, labels, and the IDs of all jobs and quality reports on the CVAT instance. In addition, if the instance contains many resources of a particular type, retrieving this information may tie up system resources, denying access to legitimate users. This issue has been patched in version 2.38.0.

AI-Powered Analysis

Last updated: 07/07/2025, 21:40:04 UTC

Technical Analysis

CVE-2025-48381 is a medium severity vulnerability identified in the Computer Vision Annotation Tool (CVAT), an open-source interactive video and image annotation platform widely used in computer vision projects. The vulnerability affects CVAT versions from 2.4.0 up to but not including 2.38.0. It allows an authenticated user with legitimate access to the CVAT instance to retrieve sensitive metadata information, including the IDs and names of all tasks, projects, labels, as well as the IDs of all jobs and quality reports. This exposure of sensitive information corresponds to CWE-201: Insertion of Sensitive Information Into Sent Data. Although the attacker must already be authenticated, the vulnerability does not require elevated privileges or user interaction beyond authentication. Furthermore, if the CVAT instance contains a large volume of resources of a particular type, exploiting this vulnerability can cause excessive consumption of system resources, potentially leading to denial of service (DoS) conditions that prevent legitimate users from accessing the service. The vulnerability has been addressed and patched in CVAT version 2.38.0. The CVSS 4.0 base score is 5.3 (medium severity), reflecting the network attack vector, low attack complexity, no privileges required beyond authentication, no user interaction, and limited impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild.

Potential Impact

For European organizations using CVAT for computer vision annotation tasks, this vulnerability poses a risk primarily related to information disclosure and potential service disruption. The exposure of task, project, label, job, and quality report identifiers and names could aid an attacker in reconnaissance activities, enabling them to map out the structure and scope of ongoing projects. This could facilitate further targeted attacks or unauthorized data access if combined with other vulnerabilities or insider threats. The potential for resource exhaustion leading to denial of service could disrupt critical annotation workflows, delaying development and deployment of AI models, which may impact sectors relying on timely computer vision data processing such as automotive, healthcare, manufacturing, and security. Although the vulnerability requires authenticated access, insider threats or compromised credentials could be leveraged to exploit it. The impact on confidentiality is limited to metadata exposure rather than direct access to annotated data or raw images, but the operational disruption risk elevates the overall concern. Given the growing adoption of AI and computer vision technologies in Europe, especially in research institutions and enterprises, this vulnerability could affect organizations relying on CVAT for annotation pipelines.

Mitigation Recommendations

European organizations should promptly upgrade all CVAT instances to version 2.38.0 or later, where this vulnerability is patched. Until the upgrade is applied, organizations should enforce strict access controls and monitor authenticated user activities to detect unusual enumeration or resource-intensive requests. Implementing rate limiting on API endpoints that expose task, project, label, job, and quality report metadata can help mitigate resource exhaustion risks. Additionally, organizations should ensure strong authentication mechanisms, such as multi-factor authentication (MFA), to reduce the risk of credential compromise. Regular audits of user permissions and session logs can help identify potential insider threats or misuse. Network segmentation and isolation of CVAT instances from broader enterprise networks can limit the impact of any exploitation. Finally, organizations should maintain up-to-date backups and incident response plans to quickly recover from potential denial of service or other disruptions.
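The monitoring advice above (spot authenticated users who enumerate metadata list endpoints in bursts) can be implemented as a small log check. This is an added example, not code from CVAT or from this advisory; it assumes nginx-style access logs with the authenticated username prepended, and it assumes the CVAT list paths /api/tasks, /api/projects, /api/labels, /api/jobs and /api/quality/reports, which are not stated on the page.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed CVAT REST list endpoints whose responses carry resource IDs/names.
METADATA_LIST_RE = re.compile(r"^/api/(tasks|projects|labels|jobs|quality/reports)(\?|$)")

# Assumed log shape: '<user> [<timestamp>] "GET <path> HTTP/x.y" <status>'
LOG_RE = re.compile(
    r'^(?P<user>\S+) \[(?P<ts>[^\]]+)\] "GET (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def parse_line(line):
    """Return (user, timestamp, path, status) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S")
    return m["user"], ts, m["path"], int(m["status"])

def find_enumerators(lines, threshold=20, window=timedelta(seconds=60)):
    """Return {user: peak_count} for users who issued more than `threshold`
    successful metadata list requests inside any sliding `window`."""
    recent = defaultdict(deque)   # per-user timestamps of matching requests
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        user, ts, path, status = rec
        if status != 200 or not METADATA_LIST_RE.match(path):
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:   # drop requests older than the window
            q.popleft()
        if len(q) > threshold:
            flagged[user] = max(flagged.get(user, 0), len(q))
    return flagged

# Constructed sample log: 'alice' browses a few pages, 'mallory' walks every page
# of the project list within half a minute, then fetches an unrelated endpoint.
SAMPLE_LOG = [
    f'alice [30/May/2025:10:00:{s:02d}] "GET /api/tasks?page={s + 1} HTTP/1.1" 200'
    for s in range(5)
] + [
    f'mallory [30/May/2025:10:01:{s:02d}] "GET /api/projects?page={s + 1} HTTP/1.1" 200'
    for s in range(25)
] + ['mallory [30/May/2025:10:01:30] "GET /api/users/self HTTP/1.1" 200']

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))   # {'mallory': 25}
```

The same per-user sliding-window count is what a rate limiter on these endpoints would enforce; the threshold and window should be tuned to the instance's normal paging behaviour.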


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-05-19T15:46:00.396Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68392cfa182aa0cae29ce4a4

Added to database: 5/30/2025, 3:58:50 AM

Last enriched: 7/7/2025, 9:40:04 PM

Last updated: 7/31/2025, 7:05:17 PM
