CVE-2025-1473
Published: 20 March 2025
Description
Adversaries may create an account to maintain access to victim systems.
Security Summary
CVE-2025-1473 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, affecting the Signup feature in mlflow/mlflow versions 2.17.0 through 2.20.1. Published on 2025-03-20, it has a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N). The flaw enables unauthorized account creation through forged requests.
An attacker with network access and no required privileges can exploit this by tricking an authenticated user into interacting with a malicious webpage or link (UI:R), such as clicking a button that submits a CSRF payload to the vulnerable Signup endpoint. Successful exploitation creates a new account under the attacker's control, which can then be used to perform unauthorized actions, potentially leading to high confidentiality impact through data access and low integrity impact via limited modifications.
Mitigation details are available in the project's GitHub commit ecfa61cb43d3303589f3b5834fd95991c9706628, which patches the issue, and via the Huntr bounty report at https://huntr.com/bounties/43dc50b6-7d1e-41b9-9f97-f28809df1d45. Security practitioners should upgrade to a fixed version beyond 2.20.1 and review CSRF protections in MLflow deployments.
MLflow is an open-source platform for managing the machine learning lifecycle, making this vulnerability relevant to AI/ML environments where unauthorized account creation could compromise experiment tracking, model registries, or deployment workflows. No public evidence of real-world exploitation is noted in the provided details.
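As one way to review CSRF protections in front of a deployment, the following added example (not MLflow's code and not the fix in the commit above) is a small WSGI middleware that refuses state-changing requests to a signup path unless the browser-supplied `Origin` or `Referer` matches the deployment's own origin. The class name, the `/signup` path and the `mlflow.internal.example` origin used with it are assumptions to be replaced with the deployment's real values.

```python
from urllib.parse import urlsplit

UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def origin_of(url):
    """Reduce an absolute URL to scheme://host[:port]; None for anything else."""
    parts = urlsplit(url or "")
    if not parts.scheme or not parts.netloc:
        return None  # covers a missing header and the literal "null" origin
    return f"{parts.scheme}://{parts.netloc}".lower()


class OriginCheckMiddleware:
    """Reject cross-origin state-changing requests to the protected paths."""

    def __init__(self, app, allowed_origins, protected_paths):
        self.app = app
        self.allowed = {o.lower().rstrip("/") for o in allowed_origins}
        # Assumption: the caller supplies the paths of the signup form handler.
        self.protected = {p.rstrip("/") or "/" for p in protected_paths}

    def is_allowed(self, environ):
        path = environ.get("PATH_INFO", "").rstrip("/") or "/"
        method = environ.get("REQUEST_METHOD", "GET").upper()
        if method not in UNSAFE_METHODS or path not in self.protected:
            return True
        # Prefer Origin; use Referer only when the browser sent no Origin.
        header = environ.get("HTTP_ORIGIN") or environ.get("HTTP_REFERER")
        # Fail closed: a request that cannot prove its origin is refused.
        return origin_of(header) in self.allowed

    def __call__(self, environ, start_response):
        if self.is_allowed(environ):
            return self.app(environ, start_response)
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"cross-origin request to a protected path rejected\n"]
```

Allowed origins must be listed exactly as browsers send them (scheme, host and any non-default port). Requests to paths outside `protected_paths` pass through unchanged, so API clients that send no `Origin` header are affected only on the paths listed.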
Details
- CWE(s)
Affected Products
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025: None mapped
- MITRE ATLAS Techniques: None mapped
- Classification Reason: MLflow is an open-source platform for managing the ML lifecycle (tracking, deployment, etc.). It fits 'Other Platforms' because it is neither a framework nor a library, nor is it specialized in NLP/CV/etc.; it is a general ML operations platform.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CSRF vulnerability enables exploitation of a public-facing MLflow application (T1190) to create unauthorized accounts (T1136) for malicious use.