If your AI infrastructure includes parisneo/lollms, patch immediately to commit f78437f — this timing side-channel allows unauthenticated remote attackers to enumerate valid usernames and incrementally recover passwords without triggering lockouts. Internet-exposed lollms instances are directly at risk of full authentication bypass, granting adversaries access to your AI orchestration layer including all connected models and tools. No workaround exists other than patching or taking the service offline pending upgrade.
Risk Assessment
High severity (CVSS 7.5) with low current exploitation probability (EPSS 0.00071). The vulnerability requires no authentication, no privileges, and no user interaction — lowering the exploitation barrier significantly. However, successful timing attacks require statistical analysis across hundreds to thousands of network requests, making opportunistic mass exploitation unlikely. Targeted attacks against known-exposed lollms deployments are the realistic threat. Risk is elevated for organizations where lollms is internet-facing or accessible from shared network segments.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| lollms | pip | <= 11.0.0 | No patch |
Recommended Action
1. PATCH: Update to commit f78437f or any subsequent release — the fix replaces the insecure == comparison with a constant-time comparison (hmac.compare_digest or secrets.compare_digest).
2. DETECT: Review web server access logs for high-volume authentication requests from single IPs with sub-millisecond timing variation patterns.
3. COMPENSATE (pre-patch): Implement rate limiting and IP-based throttling on the /auth endpoint to increase attacker request cost. Add artificial jitter (random delay) to authentication responses as a temporary mitigation.
4. AUDIT: Check access logs for anomalous authentication activity prior to patching — enumerate any accounts that may have been compromised via username enumeration.
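A concrete form of the DETECT step above, added here as an illustration (not part of the advisory or of lollms): it parses combined-format access log lines, keeps only requests to the `/auth` path, and flags any source IP whose request count inside a sliding 60-second window reaches a threshold. The log lines, the IPs and the threshold are constructed for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def make_sample_log():
    """Constructed sample: one IP sends 150 failed logins in ~30 s, another logs in once."""
    base = datetime(2025, 3, 10, 12, 0, 0)
    lines = []
    for i in range(150):
        ts = (base + timedelta(milliseconds=200 * i)).strftime("%d/%b/%Y:%H:%M:%S +0000")
        lines.append(f'203.0.113.7 - - [{ts}] "POST /auth HTTP/1.1" 401 52')
    lines.append('198.51.100.2 - - [10/Mar/2025:12:00:05 +0000] "POST /auth HTTP/1.1" 200 120')
    lines.append('198.51.100.2 - - [10/Mar/2025:12:00:06 +0000] "GET /index.html HTTP/1.1" 200 5120')
    return "\n".join(lines)


def find_auth_bursts(log_text, path="/auth", window=timedelta(seconds=60), threshold=100):
    """Return {ip: peak requests to `path` within any `window`} for IPs at or above `threshold`."""
    stamps_by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("path") != path:
            continue  # unparseable line or not an authentication request
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        stamps_by_ip[m.group("ip")].append(ts)

    flagged = {}
    for ip, stamps in stamps_by_ip.items():
        stamps.sort()
        start, peak = 0, 0
        for end, t in enumerate(stamps):  # sliding window over sorted timestamps
            while t - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    print(find_auth_bursts(make_sample_log()))
```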
CISA SSVC Assessment
Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.
Frequently Asked Questions
Is CVE-2025-6386 actively exploited?
No confirmed active exploitation of CVE-2025-6386 has been reported, but organizations should still patch proactively.
What systems are affected by CVE-2025-6386?
This vulnerability affects the following AI/ML architecture patterns: agent frameworks, AI orchestration platforms, self-hosted LLM deployments, local AI model serving.
What is the CVSS score for CVE-2025-6386?
CVE-2025-6386 has a CVSS v3.1 base score of 7.5 (HIGH). The EPSS exploitation probability is 0.26%.
Technical Details
NVD Description
The parisneo/lollms repository is affected by a timing attack vulnerability in the `authenticate_user` function within the `lollms_authentication.py` file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The affected version is the latest, and the issue is resolved in commit f78437f. The vulnerability arises from the use of Python's default string equality operator for password comparison, which compares characters sequentially and exits on the first mismatch, leading to variable response times based on the number of matching initial characters.
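The comparison flaw described above, beside the constant-time fix from the recommended action, as an added illustration (this is not lollms's code; the user store, the PBKDF2 hashing and the function names are assumptions). `authenticate_user_vulnerable` mirrors the early-exit `==` comparison and also returns early for unknown usernames; `authenticate_user_fixed` uses `hmac.compare_digest` and does the same hashing work for unknown users, so response time reveals neither a matching prefix nor whether the account exists.

```python
import hashlib
import hmac
import os

ITERATIONS = 20_000  # kept low for the demo; use a production-grade count in real code
_DUMMY_SALT = os.urandom(16)


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Hash computed once so the unknown-user path costs the same as a real lookup.
_DUMMY_HASH = _hash_password("", _DUMMY_SALT)


def make_user_store(users):
    """Constructed store {username: (salt, hash)} built from plaintext test passwords."""
    store = {}
    for name, pw in users.items():
        salt = os.urandom(16)
        store[name] = (salt, _hash_password(pw, salt))
    return store


def authenticate_user_vulnerable(store, username, password):
    # Two timing leaks: the early return distinguishes known from unknown users,
    # and '==' stops at the first differing byte, so time depends on the matching prefix.
    if username not in store:
        return False
    salt, stored = store[username]
    return _hash_password(password, salt) == stored


def authenticate_user_fixed(store, username, password):
    # Same work on every path: hash against a dummy salt when the user is unknown,
    # then compare digests in time independent of where they differ.
    known = username in store
    salt, stored = store[username] if known else (_DUMMY_SALT, _DUMMY_HASH)
    candidate = _hash_password(password, salt)
    matches = hmac.compare_digest(candidate, stored)
    return known and matches


if __name__ == "__main__":
    users = make_user_store({"alice": "correct horse battery staple"})
    print(authenticate_user_fixed(users, "alice", "correct horse battery staple"))  # True
    print(authenticate_user_fixed(users, "nobody", ""))  # False
```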
Exploitation Scenario
An attacker identifies an internet-exposed lollms instance (via Shodan or direct reconnaissance). Using a timing oracle script, they send thousands of login requests with a target username and single-character password candidates, measuring response latencies with microsecond precision. Characters that cause longer processing time reveal matching prefix bytes, enabling character-by-character password reconstruction. Username validity is confirmed by comparing response time distributions for existing vs. non-existing accounts. Once credentials are recovered, the attacker logs into lollms with full user privileges — gaining access to all connected LLMs, tools, files, and agent workflows configured by that user.
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Related Vulnerabilities (same package: lollms)
- CVE-2026-1115 (9.6): Stored XSS enables wormable account takeover
- CVE-2024-6982 (8.4): RCE via eval() sandbox bypass in Calculate
- CVE-2026-1117 (8.2): Access Control bypass enables privilege escalation
- CVE-2024-6581 (6.5): SVG upload XSS enables session hijack and RCE
- CVE-2024-6985 (4.4): path traversal allows arbitrary directory read