CVE-2025-11200

Published Oct 29, 2025

Last updated 2 months ago

CVSS critical 9.8

Overview

Description
MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from weak password requirements. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26916.
Source
zdi-disclosures@trendmicro.com
NVD status
Analyzed
Products
mlflow

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

CVSS 3.0

Type
Secondary
Base score
8.1
Impact score
5.9
Exploitability score
2.2
Vector string
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

zdi-disclosures@trendmicro.com
CWE-521

Social media

Hype score
Not currently trending

  1. MLflow just had a bad week... Two CVEs dropped (CVE-2025-11200 (found be me 😆), CVE-2025-11201): authentication bypass via weak passwords + directory traversal RCE. Both unauthenticated, both trivial to exploit. Both submitted through the @thezdi program. If you're running

    @gothburz

    1 Nov 2025

    617 Impressions

    0 Retweets

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  2. 🚨🚨CVE-2025-11200 (CVSS 8.1): MLflow Weak Password Requirements Authentication Bypass Vulnerability Remote attackers can skip auth entirely on vulnerable MLflow installs—no creds needed. Search by vul.cve Filter👉vul.cve="CVE-2025-11200" ZoomEye Dork👉app="MLflow" 5.4

    @zoomeye_team

    30 Oct 2025

    1640 Impressions

    4 Retweets

    6 Likes

    3 Bookmarks

    0 Replies

    1 Quote

  3. MLflow CVE-2025-11200: Auth Bypass Alert Weak password requirements in MLflow allow attackers to bypass authentication. Teams should enforce strong credential policies ASAP. For more details, read ZeroPath's blog on this vuln. #AppSec #MLflow #InfoSec https://t.co/UKX0QmjUEx

    @ZeroPathLabs

    29 Oct 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of model file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26921.CVE-2025-11201
  2. In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user account management. The issue is fixed in version 2.19.0.CVE-2025-1474
  3. A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user.CVE-2025-1473
  4. In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to respond to other requests. This vulnerability is due to uncontrolled resource consumption.CVE-2025-0453
  5. In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of service. Additionally, there is no character limit in the `artifact_location` parameter while creating the experiment.CVE-2024-6838

References

Sources include official advisories and independent security research.