AI Threat Alert
Auth Bypass
AI/ML platforms accumulate auth-bypass vulnerabilities at the same rate as other web software, but the blast radius is unusual: a bypass on an inference endpoint exposes expensive compute, paid model access, and potentially other tenants' conversations. Common patterns we see in NVD and GHSA include misconfigured JWT verification in self-hosted inference servers, missing authorization checks on admin routes in ML platforms, IDOR on prediction-history endpoints, and SSRF that escapes a sandboxed agent into the platform's internal network. Open-source AI platforms (MLflow, Gradio, LangServe, Ollama) have shipped multiple high-severity auth-bypass CVEs since 2023; CISA KEV has flagged at least one (the MLflow path-traversal/auth chain). Defenses: keep self-hosted AI platforms patched aggressively, require auth on all model endpoints, network-segment inference servers, and treat any exposed AI service as if compute-cost abuse will happen.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2025-59434 | Flowise Cloud: cross-tenant env var exposure leaks API keys | 9.6 | |
| MEDIUM | CVE-2025-60511 | Moodle: IDOR enables unauthorized data access | 4.3 | |
| MEDIUM | CVE-2025-12360 | Better: security flaw enables exploitation | 4.3 | |
| MEDIUM | CVE-2025-11972 | AI component: SQL Injection exposes database | 4.9 | |
| MEDIUM | CVE-2025-12732 | AI component: Info Disclosure leaks sensitive data | 4.3 | |
| MEDIUM | CVE-2025-13354 | taxopress: Missing Auth allows unauthorized operations | 4.3 | |
| MEDIUM | CVE-2025-13922 | AI component: SQL Injection exposes database | 6.5 | |
| MEDIUM | CVE-2025-14371 | AI component: Missing Auth allows unauthorized operations | 4.3 | |
| MEDIUM | CVE-2025-14980 | BetterDocs: Info Disclosure leaks sensitive data | 6.5 | |
| HIGH | CVE-2025-65098 | typebot: XSS enables session hijacking | 7.4 | |
| HIGH | CVE-2025-66404 | mcp-server-kubernetes: Command Injection enables RCE | 8.8 | |
| CRITICAL | CVE-2023-25823 | Gradio: hardcoded SSH key leaks via share=True demos | gradio | 9.8 |
| CRITICAL | CVE-2023-34239 | Gradio: path traversal + SSRF exposes model files & infra | gradio | 9.1 |
| HIGH | CVE-2025-23042 | Gradio: ACL bypass via path case manipulation | gradio | 7.5 |
| CRITICAL | CVE-2023-6014 | MLflow: auth bypass allows arbitrary account creation | mlflow | 9.8 |
| HIGH | CVE-2023-43472 | MLflow: unauth REST API leaks sensitive ML data | mlflow | 7.5 |
| MEDIUM | CVE-2023-6568 | MLflow: reflected XSS via Content-Type header injection | mlflow | 6.1 |
| HIGH | CVE-2024-1483 | MLflow: path traversal exposes arbitrary server files | mlflow | 7.5 |
| HIGH | CVE-2024-1560 | MLflow: path traversal allows arbitrary directory deletion | mlflow | 8.1 |
| HIGH | CVE-2024-1593 | MLflow: path traversal via ';' smuggling exposes files | mlflow | 7.5 |