CVE-2025-1474
📋 TL;DR
In MLflow version 2.18, administrators can create user accounts without setting a password, violating secure account management practices. Such accounts could be accessed without authorization, potentially compromising the MLflow instance. Organizations running MLflow 2.18 with admin-created user accounts are affected.
💻 Affected Systems
- MLflow
📦 What is this software?
MLflow by LF Projects
⚠️ Risk & Real-World Impact
Worst Case
An attacker discovers a passwordless admin-created account and gains unauthorized access, potentially compromising the entire MLflow instance, exfiltrating sensitive ML models and data, or using the platform for further attacks.
Likely Case
An internal or external actor discovers a passwordless account through enumeration or accidental discovery, gaining unauthorized access to MLflow resources and potentially sensitive ML artifacts.
If Mitigated
With proper network segmentation, monitoring, and access controls, impact is limited to the MLflow instance itself without lateral movement to other systems.
🎯 Exploit Status
Exploitation requires admin access to create the vulnerable accounts, and then an attacker needs to discover those accounts. No authentication bypass occurs.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.19.0
Vendor Advisory: https://github.com/mlflow/mlflow/commit/149c9e18aa219bc47e86b432e130e467a36f4a17
Restart Required: Yes
Instructions:
1. Back up your MLflow data and configuration.
2. Upgrade MLflow to version 2.19.0 with pip: pip install mlflow==2.19.0
3. Restart all MLflow services.
4. Verify the fix by attempting to create a user without a password; the request should fail.
🔧 Temporary Workarounds
Enforce password policies via admin procedures
Implement strict administrative procedures requiring passwords for all user accounts, and audit existing accounts.
Disable admin user creation functionality
Temporarily disable the admin ability to create users until patching is complete.
🧯 If You Can't Patch
- Audit all user accounts in MLflow and ensure every account has a strong password set
- Implement network segmentation to isolate MLflow instances and monitor for unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Check whether you are running MLflow version 2.18, and review user accounts for any without a password set.
Check Version:
python -c "import mlflow; print(mlflow.__version__)"
Verify Fix Applied:
After upgrading to 2.19.0, attempt to create a user without a password via the admin interface; the request should fail with a validation error.
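An added audit script for the "review user accounts for any without a password set" step (and the account audit under "If You Can't Patch"); it is not part of this advisory or of MLflow. It assumes MLflow's basic-auth store: by default the SQLite file basic_auth.db, with a users table holding username, password_hash and is_admin, and hashes in werkzeug format. Accounts with no stored hash, or whose hash verifies against the empty password, are reported.

```python
import sqlite3


def find_passwordless_users(conn, verify=None):
    """Return accounts whose password is absent or empty.

    Assumption: `users` has username / password_hash / is_admin columns
    (MLflow's basic-auth schema). verify(hash, password) defaults to
    werkzeug's check_password_hash when werkzeug is installed.
    """
    if verify is None:
        try:
            from werkzeug.security import check_password_hash as verify
        except ImportError:  # without werkzeug only NULL/empty hashes are caught
            verify = lambda pw_hash, password: False
    findings = []
    rows = conn.execute(
        "SELECT username, password_hash, is_admin FROM users ORDER BY username"
    ).fetchall()
    for username, pw_hash, is_admin in rows:
        if not pw_hash:
            reason = "no password hash stored"
        else:
            try:
                empty = verify(pw_hash, "")
            except ValueError:  # malformed hash string: treat as not empty-password
                empty = False
            if not empty:
                continue
            reason = "hash verifies against the empty password"
        findings.append({"username": username, "is_admin": bool(is_admin), "reason": reason})
    return findings


def build_sample_db():
    """Constructed in-memory stand-in for basic_auth.db (demonstration data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,"
                 " password_hash TEXT, is_admin BOOLEAN)")
    conn.executemany("INSERT INTO users (username, password_hash, is_admin) VALUES (?, ?, ?)", [
        ("alice", "pbkdf2:sha256:CONSTRUCTED-NONEMPTY-HASH", 1),  # constructed placeholder
        ("bob", None, 0),                                         # created with no password
        ("carol", "", 0),                                         # empty hash stored
        ("dave", "CONSTRUCTED-HASH-OF-EMPTY-PASSWORD", 0),        # constructed placeholder
    ])
    return conn


if __name__ == "__main__":
    # Real use: conn = sqlite3.connect("basic_auth.db") and call with verify=None.
    fake_verify = lambda h, p: h == "CONSTRUCTED-HASH-OF-EMPTY-PASSWORD" and p == ""
    for f in find_passwordless_users(build_sample_db(), verify=fake_verify):
        print(f"{f['username']} (admin={f['is_admin']}): {f['reason']}")
```

Run it against the live basic_auth.db with the default verifier; any account it lists should have a password set immediately, and admin accounts first.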
📡 Detection & Monitoring
Log Indicators:
- User login attempts without password authentication
- Admin user creation events without password parameters
- Failed login attempts to accounts that shouldn't exist
Network Indicators:
- Unusual authentication patterns to MLflow instance
- Traffic from unexpected sources to MLflow endpoints
SIEM Query:
source="mlflow" AND ((event_type="user_creation" AND NOT password_set) OR (auth_failure AND user="*"))