AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2020-25459: An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology E

highvulnerability

security

Source: NVD/CVE DatabaseJune 16, 2022CVE-2020-25459

Summary

CVE-2020-25459 is a vulnerability in WeBank FATE (Federated AI Technology Enabler, a system for training machine learning models across multiple parties) versions 0.1 through 1.4.2 that allows attackers to read sensitive information during the training process. The issue exists in a function called sync_tree in the hetero_decision_tree_guest.py file, which means attackers could access private data while the model is being trained.

Vulnerability Details

CVSS Score

7.5(high)

EPSS (30-day exploit probability)

EPSS: 0.3%

Classification

Attack Type

Data Extraction

Attack SophisticationModerate

Impact (CIA+S)

confidentiality

AI Component TargetedTraining Data

Taxonomy References

CWE (Weakness Type)

CWE-668

Affected Vendors

Related Issues

critical

CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive

Similar attackNVD/CVE Database

high

CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint

First tracked: February 15, 2026 at 08:53 PM

Classified by LLM (prompt v3) · confidence: 85%