Published June 23, 2025
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path...
Full analysis pending. Showing NVD description excerpt.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| mlflow | pip | >= 3.0.0rc0, < 3.1.0 | 3.1.0 |
Severity & Risk
CVSS 3.1: 5.8 / 10
EPSS: 0.1% chance of exploitation in 30 days
KEV Status: Not in KEV
Sophistication: N/A
Recommended Action
Patch available
Update mlflow to version 3.1.0
Compliance Impact
Compliance analysis pending.
Technical Details
NVD Description
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.
Weaknesses (CWE)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
References
- github.com/mlflow/mlflow/issues/15944
- github.com/mlflow/mlflow/pull/15970
- github.com/mlflow/mlflow/releases/tag/v3.1.0
- github.com/advisories/GHSA-wxj7-3fx5-pp9m
- github.com/mlflow/mlflow/releases/tag/v2.22.2
- github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2025-52.yaml
- nvd.nist.gov/vuln/detail/CVE-2025-52967
Timeline
Published: June 23, 2025
Last Modified: September 12, 2025
First Seen: June 23, 2025