CVE-2025-49651 is a critical security vulnerability classified under CWE-862 (Missing Authorization) affecting all current versions of Lablup's BackendAI platform. The vulnerability arises due to the absence of proper authorization checks within the BackendAI backend, allowing an attacker to hijack all active user sessions. This means that an attacker can gain unauthorized access to any session currently active on the platform, enabling them to view, steal, or modify any data accessible within those sessions. The vulnerability is remotely exploitable over the network without requiring any authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:H/PR:N/UI:N). Although the attack complexity is high, no privileges or user interaction are needed, increasing the risk of exploitation. The impact on confidentiality, integrity, and availability is severe, as attackers can fully compromise user sessions, potentially leading to data breaches, unauthorized data manipulation, and service disruption. BackendAI is a platform used for AI and machine learning workloads, often handling sensitive data and computational tasks, making this vulnerability particularly dangerous. No patches are currently available, and no known exploits have been reported in the wild yet, but the high severity score of 8.1 underscores the urgency for mitigation and monitoring.

For European organizations using BackendAI, this vulnerability poses a significant risk to data confidentiality and integrity. Organizations in sectors such as research, finance, healthcare, and technology that rely on BackendAI for AI model training and deployment could face unauthorized data exposure or manipulation. The ability for attackers to take over active sessions could lead to intellectual property theft, leakage of sensitive personal or corporate data, and disruption of AI services. Given the critical role AI platforms play in digital transformation and innovation, exploitation could also damage organizational reputation and lead to regulatory non-compliance, especially under GDPR requirements for data protection. The lack of authentication requirements for exploitation increases the threat surface, potentially allowing remote attackers to compromise BackendAI instances hosted on-premises or in cloud environments. This could also facilitate lateral movement within networks, escalating the impact beyond the initial compromise.

Immediate mitigation steps include implementing strict network access controls to restrict BackendAI backend access to trusted IP ranges and internal networks only. Organizations should monitor active sessions closely for unusual activity and consider session invalidation or forced logout mechanisms where possible. Deploying Web Application Firewalls (WAFs) with custom rules to detect and block suspicious requests targeting BackendAI endpoints can provide temporary protection. Since no official patches are available yet, organizations should engage with Lablup for timelines on fixes and consider applying any recommended configuration changes or workarounds. Additionally, segregating BackendAI environments and limiting user privileges can reduce the blast radius of a potential exploit. Logging and alerting on session management anomalies will help in early detection of exploitation attempts. Finally, organizations should prepare incident response plans specific to session hijacking scenarios and educate users about the risks.