CVE-2025-0453

Exploit

EPSS 0.09%
Veröffentlicht 20.03.2025 10:11:02
Zuletzt bearbeitet 02.04.2025 16:10:48
Quelle security@huntr.dev
Teams Watchlist Login
Unerledigt Login

In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to respond to other requests. This vulnerability is due to uncontrolled resource consumption.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lfprojects ≫ Mlflow Version2.17.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.26

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security@huntr.dev	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://huntr.com/bounties/788327ec-714a-4d5c-83aa-8df04dd7612b

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-0453

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0453

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0453

EUVD