CVE-2024-25723
published 2024-02-27

CVE-2024-25723: ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the…

Priority: P1 · 84 · high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Exploit
EPSS: 70.58% (99.3rd percentile)
ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched versions: 0.44.4, 0.43.1, and 0.42.2.

Affected

8 ranges

Vendor   Product   Version range         Fixed in
zenml    zenml     < 0.42.2              0.42.2
zenml    zenml
zenml    zenml     >= 0 < 0.42.2         0.42.2
zenml    zenml     >= 0.43.0 < 0.43.1    0.43.1
zenml    zenml     >= 0.44.0 < 0.44.4    0.44.4
zenml    zenml     >= 0.44.0 < 0.44.4    0.44.4
zenml    zenml     >= 0.45.0 < 0.46.7    0.46.7
zenml    zenml     >= 0.45.0 < 0.46.7    0.46.7

Detection & IOCs (extracted from sources)

URL: /api/v1/users/{user_name_or_id}/activate
URL: /api/v1/info
  • Detect exploitation attempts by monitoring HTTP PUT/POST requests to the /api/v1/users/{user_name_or_id}/activate endpoint that include a new password in the request body without proper prior authentication.
  • Use the Shodan favicon hash -2028554187 or FOFA body='ZenML' to discover internet-exposed ZenML Server instances for asset inventory and patch verification.
  • Extract the ZenML version from the /api/v1/info JSON response using the regex '"version":"(.*?)"' to confirm whether the instance is running a vulnerable release.
  • Patched versions exist in multiple backport branches; ensure detection logic excludes 0.44.4, 0.43.1, and 0.42.2 in addition to >= 0.46.7 to avoid false positives on patched older deployments.
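The following Python helper is an added example, not code from this advisory record or from the ZenML project. It turns the detection notes above into runnable triage logic: it pulls the version out of an /api/v1/info response (JSON first, the advisory's regex as a fallback), decides whether that version falls inside one of the four affected ranges while treating the backport fixes 0.42.2, 0.43.1 and 0.44.4 as patched, and scans combined-format access log lines for PUT/POST writes to the activate endpoint. The log format, the info body and the log lines are constructed for the example; an access log cannot tell you whether the caller was authenticated, so every write to that endpoint is surfaced for review.

```python
"""Version triage and access-log review for CVE-2024-25723 (added example)."""
import json
import re
from typing import Iterable, List, Optional, Tuple

# Affected ranges as listed in the advisory: lower bound inclusive, upper bound
# exclusive. A version at or above the upper bound of its own branch is patched,
# which is how 0.42.2, 0.43.1 and 0.44.4 come out as not vulnerable even though
# they are numerically below 0.46.7.
AFFECTED_RANGES = [
    ((0, 0, 0), (0, 42, 2)),
    ((0, 43, 0), (0, 43, 1)),
    ((0, 44, 0), (0, 44, 4)),
    ((0, 45, 0), (0, 46, 7)),
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '0.46.7' into (0, 46, 7). A suffix such as 'rc1' is ignored, so a
    pre-release is treated like its base release; adjust if you ship pre-releases."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version: str) -> bool:
    """True if the version lies inside any affected range from the advisory."""
    v = parse_version(version)
    return any(low <= v < high for low, high in AFFECTED_RANGES)


VERSION_RE = re.compile(r'"version":"(.*?)"')  # the regex quoted in the advisory


def version_from_info(body: str) -> Optional[str]:
    """Extract the server version from an /api/v1/info response body.
    Parse as JSON when possible; fall back to the advisory's regex otherwise."""
    try:
        value = json.loads(body).get("version")
        if isinstance(value, str):
            return value
    except ValueError:
        pass
    m = VERSION_RE.search(body)
    return m.group(1) if m else None


# Path as named in the advisory; the user segment may be a name or an id.
ACTIVATE_PATH_RE = re.compile(r"^/api/v1/users/[^/]+/activate/?$")
# Assumed combined-format access log: client ident user [time] "METHOD PATH PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def flag_activate_requests(lines: Iterable[str]) -> List[Tuple[str, str, str, int]]:
    """Return (client, method, path, status) for every PUT/POST to the activate
    endpoint. Both successful and rejected writes are returned: a 200 is the
    high-priority finding, a run of 401s against the same endpoint is still
    worth a look."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, method, path, status = m.groups()
        if method in ("PUT", "POST") and ACTIVATE_PATH_RE.match(path.split("?", 1)[0]):
            hits.append((client, method, path, int(status)))
    return hits


# Constructed sample data, not real captures.
SAMPLE_INFO_BODY = (
    '{"id":"00000000-0000-0000-0000-000000000000",'
    '"version":"0.45.2","deployment_type":"docker"}'
)
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Feb/2024:10:01:02 +0000] "GET /api/v1/info HTTP/1.1" 200 412',
    '203.0.113.7 - - [27/Feb/2024:10:01:05 +0000] "PUT /api/v1/users/admin/activate HTTP/1.1" 200 96',
    '198.51.100.3 - - [27/Feb/2024:10:02:11 +0000] "GET /api/v1/users/admin HTTP/1.1" 401 33',
    '198.51.100.3 - - [27/Feb/2024:10:02:14 +0000] "POST /api/v1/users/alice/activate?x=1 HTTP/1.1" 401 33',
]

if __name__ == "__main__":
    ver = version_from_info(SAMPLE_INFO_BODY)
    print(f"server reports {ver}: {'VULNERABLE' if is_vulnerable(ver) else 'patched'}")
    for hit in flag_activate_requests(SAMPLE_LOG):
        print("activate write:", hit)
```

Feed `version_from_info` the body of a GET to /api/v1/info on your own instances and `flag_activate_requests` your reverse-proxy or application access log; the range table is the only place that needs updating if further backport releases appear.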