CVE-2025-52967
published 2025-06-23
CVE-2025-52967: gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.
Priority P4 · 29 · medium · 5.8 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS: 0.37% (28.8th percentile)
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lfprojects | mlflow | < 3.1.0 | 3.1.0 |
| lfprojects | mlflow | >= 0 < 2.22.2 | 2.22.2 |
| lfprojects | mlflow | >= 0 < 39a419b4ec8fd11b59b3e50ab397042a490f2324 | 39a419b4ec8fd11b59b3e50ab397042a490f2324 |
| lfprojects | mlflow | >= 0 < 3.1.0 | 3.1.0 |
| lfprojects | mlflow | >= 3.0.0rc0 < 3.1.0 | 3.1.0 |
OSV
MLFlow SSRF via gateway_proxy_handler
osv·2025-06-23
CVE-2025-52967 [MEDIUM] MLFlow SSRF via gateway_proxy_handler
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.
GHSA
MLFlow SSRF via gateway_proxy_handler
ghsa·2025-06-23
CVE-2025-52967 [MEDIUM] CWE-918 MLFlow SSRF via gateway_proxy_handler
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.
OSV
CVE-2025-52967: gateway_proxy_handler in MLflow before 3
osv·2025-06-23
CVE-2025-52967 CVE-2025-52967: gateway_proxy_handler in MLflow before 3
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-06-23
Published