CVE-2025-15453
📋 TL;DR
This vulnerability in Milvus allows remote attackers to execute arbitrary code through deserialization attacks via the HTTP endpoint. The vulnerability exists in the expr.Exec function, where a user-controlled code argument can be manipulated. All Milvus deployments up to version 2.6.7 with HTTP endpoints exposed are affected.
💻 Affected Systems
- Milvus
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data exfiltration, and lateral movement within the network.
Likely Case
Remote code execution allowing attackers to run arbitrary commands on the Milvus server, potentially accessing sensitive vector database data.
If Mitigated
Limited impact if network segmentation and proper authentication controls prevent unauthorized access to the HTTP endpoint.
🎯 Exploit Status
Exploit details have been publicly disclosed in GitHub issues. The vulnerability is in a core function that processes user input, making exploitation straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.6.8
Vendor Advisory: https://github.com/milvus-io/milvus/issues/46442
Restart Required: Yes
Instructions:
1. Monitor for the Milvus 2.6.8 release.
2. Back up your Milvus data and configuration.
3. Upgrade to version 2.6.8 when available.
4. Restart Milvus services.
🔧 Temporary Workarounds
Network Access Restriction
Restrict network access to Milvus HTTP endpoints to trusted IP addresses only.
# Use firewall rules to restrict access
# Example for Linux iptables:
iptables -A INPUT -p tcp --dport 19530 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 19530 -j DROP
Authentication Enforcement
Ensure strong authentication is required for all HTTP endpoint access.
# Configure Milvus authentication in milvus.yaml
auth:
  enabled: true
  username: your_username
  password: your_password
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Milvus instances from untrusted networks
- Deploy web application firewall (WAF) rules to block suspicious deserialization patterns
🔍 How to Verify
Check if Vulnerable:
Check the Milvus version. If the version is 2.6.7 or earlier, the system is vulnerable.
Check Version:
milvus version
Verify Fix Applied:
After patching, verify version is 2.6.8 or later and test that expression execution with malicious input is properly sanitized.
📡 Detection & Monitoring
Log Indicators:
- Unusual expression execution patterns
- Multiple failed authentication attempts followed by expression execution
- Large or malformed expression payloads
Network Indicators:
- Unusual HTTP requests to /expr/exec endpoint
- Requests containing serialized objects or unusual code patterns
SIEM Query:
source="milvus" AND ("expr.Exec" OR "deserialization" OR "code execution")
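As an added detection example (not from the advisory or the Milvus project), the following Python check applies the log and network indicators above to constructed access-log lines: it flags requests to the expression endpoint, large payloads, and expression execution from a source that previously failed authentication. The log line layout, the literal /expr/exec path, and the 64 KiB payload threshold are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed access-log lines: "ip method path status bytes".
# This layout is an assumption for the example, not Milvus's real log format.
SAMPLE_LOG = """\
10.0.0.5 POST /v2/vectordb/collections/list 200 210
10.0.0.9 POST /v2/vectordb/entities/search 401 120
10.0.0.9 POST /v2/vectordb/entities/search 401 118
10.0.0.9 POST /expr/exec 200 90000
10.0.0.7 POST /expr/exec 200 300
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\d+)$")
EXPR_PATH = "/expr/exec"            # endpoint named in the advisory's indicators
LARGE_PAYLOAD_BYTES = 64 * 1024     # "large payload" cut-off; tune per deployment

def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ip, method, path, status, size = m.groups()
    return {"ip": ip, "method": method, "path": path,
            "status": int(status), "bytes": int(size)}

def analyze(log_text):
    """Return (ip, reason) alerts for the three indicators the advisory lists."""
    alerts = []
    failed_auth = defaultdict(int)   # 401/403 responses seen so far, per source IP
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["status"] in (401, 403):
            failed_auth[rec["ip"]] += 1
            continue
        if rec["path"] == EXPR_PATH:
            alerts.append((rec["ip"], "expr_exec_request"))
            if rec["bytes"] >= LARGE_PAYLOAD_BYTES:
                alerts.append((rec["ip"], "large_expr_payload"))
            if failed_auth[rec["ip"]] > 0:
                alerts.append((rec["ip"], "expr_exec_after_failed_auth"))
    return alerts

if __name__ == "__main__":
    for ip, reason in analyze(SAMPLE_LOG):
        print(f"{ip}: {reason}")
```

Feed the function your proxy's real access logs after adapting LINE_RE to their format; the alert reasons map directly onto the indicators listed above.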
🔗 References
- https://github.com/milvus-io/milvus/issues/46442
- https://github.com/milvus-io/milvus/issues/46442#issue-3743414836
- https://github.com/milvus-io/milvus/issues/46442#issuecomment-3672197450
- https://github.com/milvus-io/milvus/milestone/139
- https://vuldb.com/?ctiid.339486
- https://vuldb.com/?id.339486
- https://vuldb.com/?submit.719061