{"data":{"id":"5555aadc-e8bf-4705-b26d-920a43b3cc89","title":"CVE-2025-62593: Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited","summary":"Ray, an AI compute engine, had a critical vulnerability before version 2.52.0 that allowed attackers to run code on a developer's computer (RCE, or remote code execution) through Firefox and Safari browsers. The vulnerability exploited a weak security check that only looked at the User-Agent header (a piece of information browsers send to websites) combined with DNS rebinding attacks (tricks that redirect browser requests to unexpected servers), allowing attackers to compromise developers who visited malicious websites or ads.","solution":"Update to Ray version 2.52.0 or later, as this issue has been patched in that version.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-62593","publishedAt":"2025-11-27T04:15:47.927Z","cveId":"CVE-2025-62593","cweIds":["CWE-94","CWE-352"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Ray"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0001,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}