CVE-2025-14279
📋 TL;DR
MLFlow versions up to 3.4.0 are vulnerable to DNS rebinding attacks due to missing Origin header validation in the REST server. This allows malicious websites to bypass Same-Origin Policy and make unauthorized API calls to query, update, or delete ML experiments. Organizations running exposed MLFlow instances are affected.
💻 Affected Systems
- MLFlow
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of MLFlow data including exfiltration of all experiment metadata, destruction of ML models and tracking data, and manipulation of experiment results.
Likely Case
Unauthorized access to experiment data, modification of experiment parameters, and potential data corruption affecting ML workflows.
If Mitigated
Limited impact if proper network segmentation and access controls are implemented, though the vulnerability still exists.
🎯 Exploit Status
Exploitation requires a malicious website that victims visit while MLFlow is accessible from their network. The vulnerability is well-documented in public references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.5.0
Vendor Advisory: https://github.com/mlflow/mlflow/commit/b0ffd289e9b0d0cc32c9e3a9b9f3843ae83dbec3
Restart Required: Yes
Instructions:
1. Back up MLFlow data and configurations.
2. Upgrade MLFlow to version 3.5.0 or later using pip: 'pip install --upgrade "mlflow>=3.5.0"' (the inner quotes keep the shell from treating '>' as an output redirect).
3. Restart all MLFlow services.
4. Verify the upgrade with 'mlflow --version'.
🔧 Temporary Workarounds
Network Segmentation
linux: Restrict MLFlow server access to trusted networks only using firewall rules.
iptables -A INPUT -p tcp --dport 5000 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 5000 -j DROP
Reverse Proxy with CORS
all: Deploy a reverse proxy (nginx/apache) with strict CORS policies to validate Origin headers.
add_header 'Access-Control-Allow-Origin' 'https://trusted-domain.com';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
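The add_header lines above only set response headers; rejecting a request means comparing its Host and Origin values against an allowlist before it reaches MLFlow. The following is an added example of that check as WSGI middleware, not code from MLFlow or from this advisory; the host names, origins and the names check_request and HostOriginGuard are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumed values for illustration: list the names users really type to reach the server.
ALLOWED_HOSTS = {"mlflow.internal.example:5000", "localhost:5000", "127.0.0.1:5000"}
ALLOWED_ORIGINS = {"http://mlflow.internal.example:5000", "http://localhost:5000"}


def check_request(host, origin):
    """Return (allowed, reason) for one request's Host and Origin header values."""
    # After DNS rebinding the browser still sends the foreign name in Host,
    # so an unknown Host is rejected regardless of the source IP address.
    if host is None or host.lower() not in ALLOWED_HOSTS:
        return False, "host not allowed"
    # Non-browser clients (curl, Python scripts) send no Origin header;
    # browsers send it on cross-origin and on state-changing requests.
    if origin is None:
        return True, "no origin"
    parts = urlsplit(origin)
    normalized = f"{parts.scheme}://{parts.netloc}".lower()
    # "null" and other unparsable origins normalize to "://" and are rejected.
    if normalized not in ALLOWED_ORIGINS:
        return False, "origin not allowed"
    return True, "ok"


class HostOriginGuard:
    """Wrap any WSGI app and answer 403 before the app sees a rejected request."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        allowed, reason = check_request(
            environ.get("HTTP_HOST"), environ.get("HTTP_ORIGIN")
        )
        if not allowed:
            body = f"forbidden: {reason}\n".encode()
            start_response(
                "403 Forbidden",
                [("Content-Type", "text/plain"), ("Content-Length", str(len(body)))],
            )
            return [body]
        return self.app(environ, start_response)
```

The same two comparisons can be expressed in a reverse proxy or WAF rule; the point is that the request is refused, not that a response header is added.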
🧯 If You Can't Patch
- Implement strict network access controls to limit MLFlow server exposure to internal trusted networks only.
- Deploy a web application firewall (WAF) with CORS policy enforcement to block unauthorized Origin headers.
🔍 How to Verify
Check if Vulnerable:
Check MLFlow version with 'mlflow --version' or examine package metadata. If version is 3.4.0 or lower, the system is vulnerable.
Check Version:
mlflow --version
Verify Fix Applied:
After upgrade, confirm version is 3.5.0 or higher with 'mlflow --version'. Test REST API endpoints with malformed Origin headers to ensure they are rejected.
📡 Detection & Monitoring
Log Indicators:
- Unusual REST API calls from unexpected IP addresses
- Multiple failed authentication attempts followed by successful API calls
- DNS queries for MLFlow server from external domains
Network Indicators:
- HTTP requests with suspicious Origin headers
- DNS rebinding attempts targeting MLFlow domains
- Unusual traffic patterns to MLFlow REST endpoints
SIEM Query:
source="mlflow.log" AND (http_request.method IN ("POST", "PUT", "DELETE") AND NOT http_request.referer IN ("trusted-domain.com"))