CVE-2025-62593
published 2025-11-26
Priority P278 · critical · 9.4 · CVSS 4.0
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 0.34% (25.6th percentile)
Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the User-Agent header starting with the string "Mozilla" as a defense mechanism. This defense is insufficient as the fetch specification allows the User-Agent header to be modified. Combined with a DNS rebinding attack against the browser, this vulnerability is exploitable against a developer running Ray who inadvertently visits a malicious website or is served a malicious advertisement (malvertising). This issue has been patched in version 2.52.0.
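The gap between the User-Agent prefix check described above and a check on the Host and Origin headers, shown as an added example that is not Ray's code and not its 2.52.0 patch. The allowlist, port 8265 and the sample requests are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the dashboard is reached only at these loopback addresses.
ALLOWED_HOSTS = {"127.0.0.1:8265", "localhost:8265"}


def ua_prefix_guard(headers):
    """Model of the guard the advisory describes: refuse only a User-Agent starting with "Mozilla"."""
    return not headers.get("User-Agent", "").startswith("Mozilla")


def host_origin_guard(headers, allowed=ALLOWED_HOSTS):
    """Accept only if Host, and Origin when present, name an expected address.

    After a DNS rebind the browser still sends the rebound domain name in
    Host and Origin, and page script cannot override either header.
    """
    if headers.get("Host", "").lower() not in allowed:
        return False
    origin = headers.get("Origin")
    return origin is None or urlsplit(origin).netloc.lower() in allowed


# Constructed sample requests to POST /api/jobs (not captured traffic).
SAMPLES = {
    "cli": {"User-Agent": "python-requests/2.32.3", "Host": "127.0.0.1:8265"},
    "browser": {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)",
                "Host": "rebind.example.test:8265",
                "Origin": "http://rebind.example.test:8265"},
    "browser_ua_overridden": {"User-Agent": "custom-client/1.0",
                              "Host": "rebind.example.test:8265",
                              "Origin": "http://rebind.example.test:8265"},
}


def compare(samples=SAMPLES):
    """Return {name: (ua_guard_accepts, host_origin_guard_accepts)}."""
    return {name: (ua_prefix_guard(h), host_origin_guard(h))
            for name, h in samples.items()}


if __name__ == "__main__":
    for name, verdict in compare().items():
        print(f"{name:24} ua_guard={verdict[0]!s:5} host_origin_guard={verdict[1]}")
```

Only the request whose User-Agent was replaced slips past the prefix check, and the Host/Origin check still refuses it because the rebound domain name is not on the allowlist.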
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| anyscale | ray | >= 0 < 2.52.0 | 2.52.0 |
| ray-project | ray | < 2.52.0 | 2.52.0 |
Detection & IOCs
- Detect DNS rebinding exploitation attempts against Ray's HTTP API by monitoring for inbound requests to /api/jobs or /api/job_agent/jobs/ where the User-Agent header starts with 'Mozilla' but originates from an unexpected or external source — the 'Mozilla' prefix check is the sole (bypassable) guard.
- Monitor for DNS rebinding patterns: rapid DNS TTL changes or DNS responses resolving a public domain to a loopback/private IP (127.0.0.1, 192.168.x.x, 10.x.x.x) targeting Ray's default listening port, particularly from Firefox or Safari browser processes.
- The vulnerable Ray versions are prior to 2.52.0. The fix is available in version 2.52.0. Ensure Ray is upgraded to 2.52.0 or later to remediate the insufficient User-Agent-based browser guard.
- The User-Agent 'Mozilla' prefix check is the sole defense mechanism and is trivially bypassable via the fetch API; do not rely on it as a security control in any Ray deployment prior to 2.52.0.
- Red Hat rates this Important (not Critical) because exploitation requires user interaction (visiting a malicious site) combined with a DNS rebinding attack; however, no mitigation meeting Red Hat's criteria is currently available for affected packages.
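One way to implement the DNS-side check from the list above, as an added example that is not taken from any of the indexed sources. The record layout `(timestamp, qname, answer_ip, ttl)`, the 60-second window, the local-suffix list and the sample log are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Loopback, unspecified and RFC 1918 ranges, listed explicitly.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "0.0.0.0/32", "::1/128")]
LOCAL_SUFFIXES = ("localhost", ".local", ".internal")  # names expected to be internal


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_rebinding(records, window=60.0):
    """Flag non-local names that resolve to an internal address.

    "flipped" is True when the same name returned an external address at most
    `window` seconds before its first internal answer (the rebinding pattern).
    """
    by_name = defaultdict(list)
    for ts, qname, ip, ttl in records:
        by_name[qname.lower().rstrip(".")].append((ts, ip, ttl))
    findings = []
    for name, answers in by_name.items():
        if name.endswith(LOCAL_SUFFIXES):
            continue
        answers.sort()
        internal = [(ts, ip) for ts, ip, _ in answers if is_internal(ip)]
        if not internal:
            continue
        first_ts, first_ip = internal[0]
        flipped = any(0 <= first_ts - ts <= window
                      for ts, ip, _ in answers if not is_internal(ip))
        findings.append({"name": name, "internal_ip": first_ip,
                         "flipped": flipped,
                         "min_ttl": min(ttl for _, _, ttl in answers)})
    return findings


# Constructed resolver log for illustration, not real telemetry.
SAMPLE_DNS_LOG = [
    (0.0, "rebind.example.test.", "203.0.113.10", 1),
    (4.0, "rebind.example.test.", "127.0.0.1", 1),
    (10.0, "docs.example.org.", "198.51.100.7", 300),
    (12.0, "nas.corp.example.", "192.168.1.20", 3600),
]
```

A finding with `flipped` set and a very low `min_ttl` is the stronger signal; an internal-only answer with a long TTL is more often split-horizon DNS and belongs on an allowlist.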
CVSS provenance
- nvd: CVSS v4.0, 9.4 CRITICAL, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- vulncheck: 9.4 CRITICAL
- vendor_redhat: 9.4 CRITICAL
Red Hat
ray: Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack
vendor_redhat·2025-11-26·CVSS 9.4
CVE-2025-62593 [CRITICAL] CWE-94 ray: Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack
Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the User-Agent header starting with the string "Mozilla" as a defense mechanism. This defense is insufficient as the fetch specification allows the User-Agent header to be modified. Combined with a DNS rebinding attack against the browser, this vulnerability is exploitable against a developer running Ray who inadvertently visits a malicious website or is served a malicious advertisement (malvertising).
GHSA
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
ghsa·2025-11-26
CVE-2025-62593 [CRITICAL] CWE-352 Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
# Summary
Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari.
The longstanding [decision](https://docs.ray.io/en/releases-2.51.1/ray-security/index.html) by the Ray Development team to not implement any sort of authentication on critical endpoints, like `/api/jobs` and `/api/job_agent/jobs/`, has once again led to a severe vulnerability that allows attackers to execute arbitrary code against Ray. This time in a development context via the browsers Firefox and Safari.
This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the `User-Agent` header start
OSV
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
osv·2025-11-26
CVE-2025-62593 [CRITICAL] Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
# Summary
Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari.
The longstanding [decision](https://docs.ray.io/en/releases-2.51.1/ray-security/index.html) by the Ray Development team to not implement any sort of authentication on critical endpoints, like `/api/jobs` and `/api/job_agent/jobs/`, has once again led to a severe vulnerability that allows attackers to execute arbitrary code against Ray. This time in a development context via the browsers Firefox and Safari.
This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the `User-Agent` header start
VulnCheck
anyscale ray Improper Control of Generation of Code ('Code Injection')
vulncheck·2025·CVSS 9.4
CVE-2025-62593 [CRITICAL] anyscale ray Improper Control of Generation of Code ('Code Injection')
Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the User-Agent header starting with the string "Mozilla" as a defense mechanism. This defense is insufficient as the fetch specification allows the User-Agent header to be modified. Combined with a DNS rebinding attack against the browser, this vulnerability is exploitable against a developer running Ray who inadvertently visits a malicious website or is served a malicious advertisement (malvertising). This issue has be
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-11-26
Published
Exploited in the wild