AI description
CVE-2023-48022 is a vulnerability affecting Anyscale Ray versions 2.6.3 and 2.8.0. It exists within the job submission API of the Ray framework, a tool used for Python-based AI and machine learning applications. This vulnerability allows a remote attacker to execute arbitrary code on the system. The flaw stems from a lack of authentication or verification in the job submission API, potentially leading to unauthorized access and control over the system.
- Description
- Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment
- Source
- cve@mitre.org
- NVD status
- Modified
- CNA Tags
- disputed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
🚩 “ShadowRay 2.0” Exploits Unpatched Ray AI Framework Flaw (CVE-2023-48022) https://t.co/3yO9dmenbQ Attackers are hijacking exposed Ray clusters, some worth millions in GPU compute, to build a worm-like, self-propagating botnet for crypto mining, DDoS attacks, and data t
@Huntio
29 Nov 2025
1337 Impressions
3 Retweets
8 Likes
2 Bookmarks
0 Replies
0 Quotes
Oligo exposes ShadowRay 2.0: Attackers exploit CVE-2023-48022 in Ray for AI-generated self-propagating botnet. 230K+ exposed servers hit for mining/DDoS. No patch—design or flaw? Isolate clusters now. #CyberSec #ai https://t.co/isjSSGnFe1
@exc_actual
24 Nov 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2023-48022
@transilienceai
24 Nov 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-6387 2 - CVE-2022-40684 3 - CVE-2016-5284 4 - CVE-2025-4123 5 - CVE-2023-48022 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
23 Nov 2025
153 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
#ShadowRay 2.0 exploits CVE-2023-48022 in the #Ray framework to hijack exposed GPU clusters, submitting malicious jobs via unauthenticated APIs and deploying XMRig miners. The campaign uses GitHub/GitLab payloads, lateral movement and cron persistence to expand a GPU-based botnet
@MeridianEU
21 Nov 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2023-48022 - Ray Framework Flaw Fuels ShadowRay 2.0 Botnet ShadowRay 2.0 is exploiting CVE-2023-48022 in Ray framework to build a cryptomining botnet. What's brutal: the vulnerability has been public since December 2023, yet thousands of unpatched Ray clusters remain
@the_c_protocol
21 Nov 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ShadowRay 2.0 is exploiting CVE-2023-48022 to hijack Ray AI clusters for cryptojacking and DDoS attacks. Ray’s missing authentication leaves over 230,000 nodes exposed. Ensure dashboards are not public, restrict port 8265, and review your firewall rules. #CyberSecurity https:
@CloneSystemsInc
21 Nov 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ShadowRay 2.0、RayのCVE-2023-48022悪用GPU採掘ボットネット https://t.co/WEiwSNCClR #Security #セキュリティー #ニュース
@SecureShield_
21 Nov 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oligo Security, Ray AI framework'ündeki iki yıllık CVE-2023-48022 açığından yararlanılarak NVIDIA GPU'lu kümelerin kripto madenciliği botnetine dönüştürüldüğünü açıkladı. ShadowRay 2.0 saldırısı, kendini çoğaltan solucanla yayılıyor ve DDoS taktikleri
@siberhaberler7
20 Nov 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Hackers are exploiting a 2-year-old authentication flaw (CVE-2023-48022) in the Ray AI framework to take over NVIDIA GPU clusters and run a self-spreading crypto-mining botnet called ShadowRay 2.0. The bug remains unpatched by design, and over 230,000 Ray servers are expose
@TheHackersNews
20 Nov 2025
13210 Impressions
38 Retweets
121 Likes
25 Bookmarks
6 Replies
1 Quote
⚠️ ShadowRay 2.0 hackers exploit critical CVE-2023-48022 flaw in Ray AI framework to hijack 230,000+ exposed AI clusters worldwide. The self-propagating cryptomining botnet uses AI-generated payloads to spread, steal data, & launch DDoS attacks. Urgent patch & network
@ThisIsWhyAI
20 Nov 2025
46 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Campanha ShadowRay 2.0 explora falha antiga em Ray Clusters: Ataque global transforma clusters Ray vulneráveis em botnet de cryptomining autônomo, com roubo de dados e DDoS, usando payloads gerados por IA e explorando CVE-2023-48022 sem correção disponível. https://t.co/A345
@caveiratech
19 Nov 2025
34 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Since early November, we’ve been tracking a sophisticated campaign where attackers exploit the ShadowRay vulnerability (CVE-2023-48022) in the Ray framework to compromise AI compute clusters, and weaponize them into a self-propagating botnet. https://t.co/3NZ2rgRlqW
@avi_lum
18 Nov 2025
80 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2023-48022 - critical 🚨 Anyscale Ray - Remote Code Execution > Anyscale Ray 2.6.3 and 2.8.0 contain a remote code execution vulnerability due to ins... 👾 https://t.co/VcewFCqBcR @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
23 Jun 2025
196 Impressions
0 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2018-1207 2 - CVE-2025-1316 3 - CVE-2025-31200 4 - CVE-2015-3824 5 - CVE-2023-48022 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
23 Jun 2025
22 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 New Templates Bounty Issue 💰 CVE-2023-48022 - Anyscale Ray - Remote Code Execution 💰 👾 Issue: https://t.co/yJwQboiF1R #bugbounty #NucleiTemplates #cve #opensource
@pdnuclei
22 Jun 2025
2147 Impressions
6 Retweets
29 Likes
8 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:anyscale:ray:2.6.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1083D908-E7F7-44BE-89CD-B760224C5585"
},
{
"criteria": "cpe:2.3:a:anyscale:ray:2.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE882370-6570-49E0-A11F-95D3FBCD4714"
}
],
"operator": "OR"
}
]
}
]