CVE-2025-0453.yaml
info:
  name: mlflow
  cve: CVE-2025-0453
  summary: Denial of Service vulnerability in mlflow GraphQL endpoint
  details: |
    In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack.
    An attacker can create large batches of queries that repeatedly request all runs from a given experiment,
    potentially tying up all the workers allocated by MLflow and rendering the application unable to respond
    to other requests due to uncontrolled resource consumption.
  cvss: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  severity: MEDIUM
  security_advise: |
    1. Upgrade to mlflow >= 2.17.3
    2. Implement rate limiting on the `/graphql` endpoint to prevent large batches of queries
    3. Monitor resource usage and set up alerts for abnormal activity
rule: version == "2.17.2"
references:
  - https://nvd.nist.gov/vuln/detail/CVE-2025-0453
  - https://huntr.com/bounties/788327ec-714a-4d5c-83aa-8df04dd7612b