{"data":{"id":"8ca782ba-a5eb-4034-bb2a-154c670b435f","title":"CVE-2025-52967: gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.","summary":"In MLflow versions before 3.1.0, the gateway_proxy_handler component does not properly validate the gateway_path parameter, potentially allowing SSRF (server-side request forgery, where an attacker tricks the server into making unwanted requests to internal systems). An attacker could exploit this validation gap to reach resources that should not be accessible to them.","solution":"Upgrade MLflow to version 3.1.0 or later. The fix is available in the official release at https://github.com/mlflow/mlflow/releases/tag/v3.1.0.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-52967","publishedAt":"2025-06-23T19:15:29.163Z","cveId":"CVE-2025-52967","cweIds":["CWE-918"],"cvssScore":"5.8","cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["MLflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00061,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}