cbcvebase.
CVE-2025-62593
published 2025-11-26

Priority P278 · critical · 9.4 (CVSS 4.0)
In the wild: VulnCheck KEV (exploited in the wild)
EPSS: 0.34% (25.6th percentile)
Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the User-Agent header starting with the string "Mozilla" as a defense mechanism. This defense is insufficient because the fetch specification allows the User-Agent header to be modified. Combined with a DNS rebinding attack against the browser, this vulnerability is exploitable against a developer running Ray who inadvertently visits a malicious website or is served a malicious advertisement (malvertising). This issue has been patched in version 2.52.0.

Affected (2 ranges)

Vendor       Product  Version range      Fixed in
anyscale     ray      >= 0, < 2.52.0     2.52.0
ray-project  ray      < 2.52.0           2.52.0

Detection & IOCs (extracted from sources)

  • Detect DNS rebinding exploitation attempts against Ray's HTTP API by monitoring for inbound requests to /api/jobs or /api/job_agent/jobs/ where the User-Agent header starts with 'Mozilla' but originates from an unexpected or external source — the 'Mozilla' prefix check is the sole (bypassable) guard.
  • Monitor for DNS rebinding patterns: rapid DNS TTL changes or DNS responses resolving a public domain to a loopback/private IP (127.0.0.1, 192.168.x.x, 10.x.x.x) targeting Ray's default listening port, particularly from Firefox or Safari browser processes.
  • The vulnerable Ray versions are prior to 2.52.0. The fix is available in version 2.52.0. Ensure Ray is upgraded to 2.52.0 or later to remediate the insufficient User-Agent-based browser guard.
  • The User-Agent 'Mozilla' prefix check is the sole defense mechanism and is trivially bypassable via the fetch API; do not rely on it as a security control in any Ray deployment prior to 2.52.0.
  • Red Hat rates this Important (not Critical) because exploitation requires user interaction (visiting a malicious site) combined with a DNS rebinding attack; however, no mitigation meeting Red Hat's criteria is currently available for affected packages.
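The detection points above can be turned into a small log check. This is an added example, not code from Ray or from the advisory's sources: it keys on the Host header rather than on the bypassable "Mozilla" User-Agent prefix, because in a DNS rebinding attack the browser connects to the developer's loopback Ray port but still sends the rebound public domain in Host, and page script cannot alter that header. The tab-separated log format, the ALLOWED_HOSTS set and the sample records are assumptions constructed for the example.

```python
# Added example (not Ray's own code): flag Ray job-API requests whose Host
# header is not one the dashboard is expected to be reached by. The job API
# paths are the ones named in the advisory; the log format, ALLOWED_HOSTS
# and sample records are constructed for this example. 8265 is Ray's
# dashboard default port and is assumed in the samples.
from typing import Dict, Iterable, List, Optional

RAY_JOB_PATHS = ("/api/jobs", "/api/job_agent/jobs/")   # from the advisory
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "[::1]"}      # assumed deployment

def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one tab-separated record: client, method, path, host, user_agent."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) != 5:
        return None
    return dict(zip(("client", "method", "path", "host", "ua"), fields))

def host_without_port(host: str) -> str:
    """'example.com:8265' -> 'example.com'; '[::1]:8265' -> '[::1]'."""
    if host.startswith("["):
        return host.split("]", 1)[0] + "]"
    return host.split(":", 1)[0]

def is_rebinding_candidate(req: Dict[str, str],
                           allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True when a job-API request arrives with an unexpected Host header."""
    if not any(req["path"].startswith(p) for p in RAY_JOB_PATHS):
        return False
    return host_without_port(req["host"]).lower() not in allowed_hosts

def scan(lines: Iterable[str], allowed_hosts=ALLOWED_HOSTS) -> List[Dict[str, str]]:
    """Return the parsed requests that match the rebinding pattern."""
    hits = []
    for line in lines:
        req = parse_line(line)
        if req and is_rebinding_candidate(req, allowed_hosts):
            hits.append(req)
    return hits

# Constructed sample records (not real traffic). Only the third should fire:
# a browser-originated POST to the job API carrying a public domain in Host.
SAMPLE_LOG = [
    "127.0.0.1\tGET\t/api/jobs\tlocalhost:8265\tcurl/8.4.0",
    "127.0.0.1\tGET\t/api/version\trebound.example:8265\tMozilla/5.0 (X11; Linux) Firefox/130.0",
    "127.0.0.1\tPOST\t/api/jobs\trebound.example:8265\tMozilla/5.0 (X11; Linux) Firefox/130.0",
    "127.0.0.1\tPOST\t/api/job_agent/jobs/\t[::1]:8265\tpython-requests/2.32",
]
```

Running `scan(SAMPLE_LOG)` on the constructed records returns only the third request; in a real deployment, populate ALLOWED_HOSTS with every hostname and IP the dashboard is legitimately reached by.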

CVSS provenance

nvd (v4.0): 9.4 CRITICAL, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vulncheck: 9.4 CRITICAL
vendor_redhat: 9.4 CRITICAL