CVE-2025-0453
Published: 20 March 2025
Description
Adversaries may target resource intensive features of applications to cause a denial of service (DoS), denying availability to those applications.
Security Summary
CVE-2025-0453 is a denial-of-service vulnerability in mlflow/mlflow version 2.17.2, specifically affecting the `/graphql` endpoint. The issue stems from uncontrolled resource consumption (CWE-410), where an attacker can send large batches of queries that repeatedly request all runs from a given experiment. This exhausts all workers allocated by MLflow, preventing the application from responding to other requests.
The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), meaning it is exploitable over the network with low attack complexity, requiring no privileges or user interaction, and results in high availability impact with no effects on confidentiality or integrity. Remote, unauthenticated attackers can trigger the DoS condition, rendering the MLflow service unresponsive.
Mitigation details are available in advisories referenced at https://huntr.com/bounties/788327ec-714a-4d5c-83aa-8df04dd7612b. The vulnerability was published on 2025-03-20.
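One class of pre-execution guard a defender can place in front of a batched GraphQL endpoint is a cheap request inspector that bounds the number of operations per HTTP request and the summed weight of expensive root fields, so one client cannot tie up all workers with a single oversized batch. This is an added illustration, not MLflow's own code; the `EXPENSIVE_FIELDS` names and the numeric limits are assumed placeholders, not values from the advisory.

```python
import json
import re
from dataclasses import dataclass

# Root fields treated as expensive, with a relative weight. The advisory does
# not name the MLflow schema fields, so these names are assumed placeholders.
EXPENSIVE_FIELDS = {"mlflowSearchRuns": 10, "mlflowGetExperiment": 2}
MAX_BATCH_OPERATIONS = 5      # operations allowed in one HTTP request
MAX_COST_PER_REQUEST = 30     # summed field weight allowed in one request
MAX_BODY_BYTES = 64 * 1024    # reject oversized bodies before parsing


@dataclass
class Verdict:
    allowed: bool
    reason: str
    operations: int = 0
    cost: int = 0


def _field_cost(query: str) -> int:
    """Base cost of 1 plus the weight of every expensive root field mentioned."""
    cost = 1
    for field, weight in EXPENSIVE_FIELDS.items():
        cost += weight * len(re.findall(rf"\b{re.escape(field)}\b", query))
    return cost


def inspect_graphql_request(body: bytes) -> Verdict:
    """Decide whether a raw /graphql request body stays within the budget."""
    if len(body) > MAX_BODY_BYTES:
        return Verdict(False, "body too large")
    try:
        payload = json.loads(body)
    except ValueError:
        return Verdict(False, "malformed JSON")
    # Array-style batching: the body is a JSON list of operations.
    ops = payload if isinstance(payload, list) else [payload]
    if len(ops) > MAX_BATCH_OPERATIONS:
        return Verdict(False, "too many batched operations", len(ops))
    total = 0
    for op in ops:
        if not isinstance(op, dict) or not isinstance(op.get("query"), str):
            return Verdict(False, "operation missing query string", len(ops))
        total += _field_cost(op["query"])
        if total > MAX_COST_PER_REQUEST:
            # Stop scoring early: the batch is rejected before any query runs.
            return Verdict(False, "request cost exceeds budget", len(ops), total)
    return Verdict(True, "ok", len(ops), total)
```

The check runs in constant memory relative to the number of workers, so a rejected batch costs the server a JSON parse and a few regex scans rather than the execution of every query in it.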
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025: None mapped
- MITRE ATLAS Techniques: None mapped
- Classification Reason: MLflow is an open-source platform for managing the ML lifecycle, including experiment tracking and deployment, fitting 'Other Platforms'. The vulnerability affects its GraphQL endpoint for querying ML runs.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE enables denial of service via large GraphQL query batches that exhaust MLflow application workers through uncontrolled resource consumption, mapping to Application Exhaustion Flood.