{"data":{"id":"f40491fd-d1fc-435b-bd89-c133c54f48cd","title":"CVE-2025-1474: In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerabil","summary":"In MLflow (a machine learning workflow tool) version 2.18, administrators can create user accounts without requiring passwords, which violates security best practices and could allow unauthorized access to accounts. This vulnerability is classified under weak password requirements, meaning the system doesn't enforce strong authentication measures.","solution":"The issue is fixed in version 2.19.0. Users should upgrade MLflow from version 2.18 to version 2.19.0 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-1474","publishedAt":"2025-03-20T14:15:54.037Z","cveId":"CVE-2025-1474","cweIds":["CWE-521"],"cvssScore":"5.5","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["MLflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00091,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}