CVE-2025-1473

Published Mar 20, 2025

Last updated 7 months ago

CVSS high 7.1

Overview

Description
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user.
Source
security@huntr.dev
NVD status
Analyzed
Products
mlflow

Risk scores

CVSS 3.1

Type
Primary
Base score
7.1
Impact score
4.2
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Severity
HIGH

CVSS 3.0

Type
Secondary
Base score
5.4
Impact score
2.5
Exploitability score
2.8
Vector string
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

security@huntr.dev
CWE-352

Social media

Hype score
Not currently trending

  1. CVE-2025-1473 A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to crea… https://t.co/NBeF2noMom

    @CVEnew

    20 Mar 2025

    248 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Just scored two CVEs for MLflow!(CVE-2025-1473,CVE-2025-1474) MLflow is an open-source platform for managing machine learning workflows. I found a CSRF vulnerability that could’ve been nasty if exploited, and noticed the password policy was pretty weak too – had to call that out.

    @krishnast54

    20 Feb 2025

    52 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. We are glad to share our security researcher Krishna Tiwari's achievement in getting two CVEs for AI/ML application - @MLflow . CVE-2025-1473 https://t.co/SE0fFb935M CVE-2025-1474 @ProtectAICorp #cybersecurity #infosec #AI #ml #CVE #research https://t.co/rrlVfjGO9Z

    @defhawk_specter

    20 Feb 2025

    41 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from weak password requirements. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26916.CVE-2025-11200
  2. MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of model file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26921.CVE-2025-11201
  3. In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user account management. The issue is fixed in version 2.19.0.CVE-2025-1474
  4. In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to respond to other requests. This vulnerability is due to uncontrolled resource consumption.CVE-2025-0453
  5. In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of service. Additionally, there is no character limit in the `artifact_location` parameter while creating the experiment.CVE-2024-6838

References

Sources include official advisories and independent security research.