CVE-2025-2129
The target mage-ai instance has been identified to be vulnerable to CVE-2025-2129 due to its outdated version; 0.9.75
/Practice/Zab/3-Exploitation/attachments/{E27CA517-E268-4C5B-A5B0-7F6B672D112A}.png)
A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects some unknown functionality. The manipulation with an unknown input leads to a insecure default initialization of resource vulnerability. CWE is classifying the issue as CWE-1188. The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure. This is going to have an impact on confidentiality, integrity, and availability.
Exploit
/Practice/Zab/3-Exploitation/attachments/{BC1E6C81-F7DC-44F4-BBEC-E73E3F30A04C}.png)
PoC is available