CVE-2025-52967
BaseFortify
Publication date: 2025-06-23
Last updated on: 2025-06-23
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-52967 is a security vulnerability in MLflow versions before 3.1.0 where the gateway_proxy_handler function lacks proper validation of the gateway_path parameter. This means that unsafe or unintended endpoint paths could be processed by the gateway proxy, potentially allowing unauthorized access or misuse of the proxy functionality. The vulnerability arises because the gateway_path was not strictly checked against expected patterns, enabling malicious or malformed requests to be proxied through MLflow. [1, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing unauthorized or unintended access through the MLflow gateway proxy. Attackers could exploit the lack of validation on the gateway_path parameter to send malicious requests, potentially leading to misuse of the proxy functionality. This could result in unauthorized operations being performed or exposure of internal services that should be protected, thereby compromising the security of your MLflow deployment. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on monitoring requests to the MLflow gateway proxy endpoint at /ajax-api/2.0/mlflow/gateway-proxy. Suspicious or malformed requests with gateway_path parameters not matching the expected patterns (for GET: exactly 'api/2.0/endpoints/', for POST: matching 'gateway/{name}/invocations') may indicate exploitation attempts. Network or application logs can be searched for HTTP requests to this endpoint with invalid gateway_path values or unsupported HTTP methods (e.g., DELETE). Example commands to detect such requests could include using grep or similar tools on server logs: 1) grep for requests to '/ajax-api/2.0/mlflow/gateway-proxy' with gateway_path values not matching the allowed patterns, 2) grep for HTTP methods other than GET or POST on this endpoint. Specific commands depend on the logging format but might look like: - grep 'POST /ajax-api/2.0/mlflow/gateway-proxy' access.log | grep -vE 'gateway/[^/]+/invocations' - grep 'GET /ajax-api/2.0/mlflow/gateway-proxy' access.log | grep -v 'api/2.0/endpoints/' - grep -E '(DELETE|PUT|PATCH) /ajax-api/2.0/mlflow/gateway-proxy' access.log [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading MLflow to version 3.1.0 or later, where the vulnerability is fixed by adding strict validation of the gateway_path parameter in the gateway_proxy_handler. If upgrading is not immediately possible, restrict access to the /ajax-api/2.0/mlflow/gateway-proxy endpoint to trusted users or networks, and monitor for suspicious requests as described. Additionally, configure firewall or API gateway rules to allow only GET and POST methods on this endpoint and block others. Applying the patch from Pull Request #15970 or equivalent validation logic to your MLflow deployment will prevent exploitation by rejecting invalid gateway_path values and unsupported HTTP methods. [3]