CVE-2025-14279
DNS Rebinding Vulnerability in MLFlow REST Server Enables Data Manipulation
Publication date: 2026-01-12
Last updated on: 2026-04-14
Assigner: huntr.dev
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lfprojects | mlflow | up to 3.5.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-14279 is a vulnerability in MLFlow versions up to 3.4.0 where the MLFlow REST server does not validate the Origin header, making it susceptible to DNS rebinding attacks. This allows malicious websites to bypass the Same-Origin Policy and perform unauthorized actions on the REST endpoints, such as querying, updating, or deleting experiments. The vulnerability is fixed in version 3.5.0 by adding a security middleware that validates Host headers and implements protections against DNS rebinding, CORS attacks, and clickjacking. [1]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access and manipulation of your MLFlow experiments. An attacker exploiting this flaw could exfiltrate sensitive data, modify experiment data, or delete experiments, potentially causing data loss or corruption. This could disrupt your machine learning workflows and compromise the integrity and confidentiality of your experiment data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking the MLflow server version via its /version endpoint to see whether it is 3.4.0 or earlier, which are the vulnerable versions. Additionally, you can inspect the server configuration to verify whether the security middleware is enabled (available only in version 3.5.0+ with the FastAPI-based server). For example, use a curl command to query the version: curl http://<mlflow-server-host>:<port>/version. Also, check whether the server is accepting requests from unauthorized origins or hosts by monitoring HTTP Host headers and CORS policies. There is no specific command to detect DNS rebinding attacks directly, but monitoring unusual cross-origin requests or unexpected API calls to MLflow REST endpoints can help identify exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading MLflow to version 3.5.0 or later, which includes built-in security middleware protecting against DNS rebinding attacks. If upgrading is not immediately possible, restrict access to the MLflow server by binding it to localhost or private IP addresses only, and configure allowed hosts and CORS origins explicitly using the --allowed-hosts and --cors-allowed-origins options. Additionally, deploy MLflow behind a reverse proxy (e.g., NGINX or Apache) or VPN to enforce TLS/HTTPS encryption and authentication. Avoid disabling the security middleware unless you have external protections in place. Also, configure security headers such as X-Frame-Options to prevent clickjacking. [1]
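The two checks the detection and mitigation answers describe, as an added stand-alone illustration (not MLflow's own middleware or CLI code): a version comparison against the 3.5.0 fix boundary, and the Host-header allow-list check that is the core of a DNS-rebinding defence. The allow-list contents and the sample Host values are constructed for the example.

```python
"""Added example, not MLflow code. A DNS-rebinding request reaches the server
with the attacker's domain in the Host header (the browser sends the name it
navigated to), so an allow-list on Host rejects it even though the TCP
connection arrived on the expected interface."""
import re
from typing import Optional
from urllib.parse import urlsplit

FIXED_VERSION = (3, 5, 0)  # per the advisory: fixed in 3.5.0

# Constructed allow-list, standing in for an operator's --allowed-hosts value.
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "::1", "mlflow.internal.example"}


def is_affected(version: str) -> bool:
    """True when a /version string is earlier than the fixed release."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups()) < FIXED_VERSION


def host_allowed(host_header: Optional[str], allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True when the Host header names a host the operator expects.

    The header is parsed as a URL authority so userinfo tricks
    ("localhost@evil.example"), ports and IPv6 brackets are handled the way
    a browser forms them. Any parse failure or trailing junk is a reject.
    """
    if not host_header:
        return False  # HTTP/1.1 requires Host; a missing header is rejected
    try:
        authority = urlsplit("//" + host_header.strip())
        authority.port  # raises ValueError on a malformed port
        hostname = authority.hostname  # lower-cased, brackets and port removed
    except ValueError:
        return False
    if authority.path or authority.query or authority.fragment:
        return False  # Host must be a bare authority, nothing after it
    return hostname is not None and hostname in allowed_hosts


if __name__ == "__main__":
    # Constructed Host values; the last three are the shapes a rebinding or
    # spoofed request would carry and must be refused.
    for host in ["localhost:5000", "127.0.0.1:5000", "[::1]:5000",
                 "MLflow.Internal.Example", "rebind.attacker.example:5000",
                 "localhost@attacker.example", None]:
        print(f"{host!r:40} -> {'allow' if host_allowed(host) else 'reject'}")
    print("3.4.0 affected:", is_affected("3.4.0"), "| 3.5.0:", is_affected("3.5.0"))
```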
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthorized access to MLflow REST endpoints, enabling attackers to query, update, and delete experiments, which can lead to data exfiltration, destruction, or manipulation. Such unauthorized data access and manipulation can result in non-compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls over data confidentiality and integrity. The security enhancements introduced in version 3.5.0, including DNS rebinding protection, CORS controls, clickjacking prevention, and recommendations for TLS encryption and authentication, help mitigate these risks and support compliance efforts by protecting sensitive data from unauthorized access and manipulation. [1]