CVE-2025-11200 – This vulnerability allows remote attackers to b... (How to Fix)

📋 TL;DR

This vulnerability allows remote attackers to bypass authentication in MLflow installations due to weak password requirements. Attackers can gain unauthorized access without credentials. All MLflow deployments with the vulnerable code are affected.

💻 Affected Systems

Products:

MLflow

Versions: Versions before commit 1f74f3f24d8273927b8db392c23e108576936c54

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Affects installations using MLflow's built-in authentication. Custom authentication implementations may not be vulnerable.

📦 What is this software?

Mlflow by Lfprojects

View all CVEs affecting Mlflow →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of MLflow instance leading to data theft, model manipulation, and lateral movement to connected systems.

🟠

Likely Case

Unauthorized access to MLflow dashboard, exposure of sensitive ML metadata, and potential data exfiltration.

🟢

If Mitigated

Limited impact if strong network segmentation and additional authentication layers are in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Authentication bypass vulnerabilities are typically easy to exploit once details are known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 1f74f3f24d8273927b8db392c23e108576936c54 or later

Vendor Advisory: https://github.com/mlflow/mlflow/commit/1f74f3f24d8273927b8db392c23e108576936c54

Restart Required: Yes

Instructions:

1. Update MLflow to latest version or apply commit 1f74f3f24d8273927b8db392c23e108576936c54
2. Restart MLflow service
3. Verify authentication is working properly

🔧 Temporary Workarounds

Implement external authentication proxy

all

Place MLflow behind a reverse proxy with strong authentication (OAuth, SAML, etc.)

Network isolation

linux

Restrict access to MLflow via firewall rules to trusted IPs only

iptables -A INPUT -p tcp --dport 5000 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 5000 -j DROP

🧯 If You Can't Patch

Implement strict network access controls to limit MLflow exposure
Deploy Web Application Firewall (WAF) with authentication bypass protection rules

🔍 How to Verify

Check if Vulnerable:

Check MLflow version/git commit. If before commit 1f74f3f24d8273927b8db392c23e108576936c54, it's vulnerable.

Check Version:

mlflow --version

Verify Fix Applied:

Attempt authentication bypass using known weak passwords. Should fail after patch.

📡 Detection & Monitoring

Log Indicators:

Failed authentication attempts with weak passwords
Successful logins from unexpected IPs
Authentication bypass patterns

Network Indicators:

Unusual authentication traffic patterns
Access to MLflow endpoints without proper auth headers

SIEM Query:

source="mlflow.log" AND (event="authentication_failure" OR event="authentication_bypass")

📊 Metadata

CVE ID: CVE-2025-11200

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-521

EPSS Score: 0.41% exploit probability (61th percentile)

Published: October 29, 2025

Last Updated: December 31, 2025

🔗 References

https://github.com/mlflow/mlflow/commit/1f74f3f24d8273927b8db392c23e108576936c54 Patch
https://www.zerodayinitiative.com/advisories/ZDI-25-932/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-11200, you might also want to check these: