{"data":{"id":"1b695d34-ba05-4704-9982-6c50a98179b1","title":"CVE-2025-64513: Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit an authentication bypass to gain full administrative access.","summary":"Milvus, an open-source vector database (a specialized database that stores and searches data based on similarity patterns, used in AI applications), has a critical vulnerability in older versions that allows unauthenticated attackers to bypass authentication and gain full admin control over the database without needing a password. This means attackers could read, change, or delete any data and perform administrative tasks like managing databases.","solution":"Upgrade to Milvus version 2.4.24, 2.5.21, or 2.6.5. If upgrading immediately is not possible, remove the sourceID header from all incoming requests at the gateway, API gateway, or load balancer level before requests reach the Milvus Proxy component. This blocks the authentication bypass only for requests that pass through that filtering layer, so make sure the Milvus Proxy cannot be reached by any path that skips it, and treat header stripping as a stopgap until the upgrade is applied.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-64513","publishedAt":"2025-11-11T03:15:40.270Z","cveId":"CVE-2025-64513","cweIds":["CWE-287"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["rag_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Milvus"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00132,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-114"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"rag","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}