Executive Summary

CVE-2025-14279 is a vulnerability in MLFlow versions up to 3.4.0 where the MLFlow REST server does not validate the Origin header, making it susceptible to DNS rebinding attacks. This allows malicious websites to bypass the Same-Origin Policy and perform unauthorized actions on the REST endpoints, such as querying, updating, or deleting experiments. The vulnerability is fixed in version 3.5.0 by adding a security middleware that validates Host headers and implements protections against DNS rebinding, CORS attacks, and clickjacking. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unauthorized access and manipulation of your MLFlow experiments. An attacker exploiting this flaw could exfiltrate sensitive data, modify experiment data, or delete experiments, potentially causing data loss or corruption. This could disrupt your machine learning workflows and compromise the integrity and confidentiality of your experiment data. [1]

Useful 0 Not Useful 0

Detection Guidance

You can detect this vulnerability by checking the MLflow server version via its /version endpoint to see if it is up to and including 3.4.0, which are vulnerable. Additionally, you can inspect the server configuration to verify if the security middleware is enabled (available only in version 3.5.0+ with the FastAPI-based server). For example, use a curl command to query the version: curl http://<mlflow-server-host>:<port>/version. Also, check if the server is accepting requests from unauthorized origins or hosts by monitoring HTTP Host headers and CORS policies. There is no specific command to detect DNS rebinding attacks directly, but monitoring unusual cross-origin requests or unexpected API calls to MLflow REST endpoints can help identify exploitation attempts. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include upgrading MLflow to version 3.5.0 or later, which includes built-in security middleware protecting against DNS rebinding attacks. If upgrading is not immediately possible, restrict access to the MLflow server by binding it to localhost or private IP addresses only, and configure allowed hosts and CORS origins explicitly using the --allowed-hosts and --cors-allowed-origins options. Additionally, deploy MLflow behind a reverse proxy (e.g., NGINX or Apache) or VPN to enforce TLS/HTTPS encryption and authentication. Avoid disabling the security middleware unless you have external protections in place. Also, configure security headers such as X-Frame-Options to prevent clickjacking. [1]

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows unauthorized access to MLflow REST endpoints, enabling attackers to query, update, and delete experiments, which can lead to data exfiltration, destruction, or manipulation. Such unauthorized data access and manipulation can result in non-compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls over data confidentiality and integrity. The security enhancements introduced in version 3.5.0, including DNS rebinding protection, CORS controls, clickjacking prevention, and recommendations for TLS encryption and authentication, help mitigate these risks and support compliance efforts by protecting sensitive data from unauthorized access and manipulation. [1]

Useful 0 Not Useful 0