CVE-2025-52967: gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.
Summary
In MLflow versions before 3.1.0, the gateway_proxy_handler component does not validate the client-supplied gateway_path parameter before using it to build the proxied request. This may allow server-side request forgery (SSRF): the MLflow server, rather than the client, issues the outbound request, so an attacker who controls the path can make the server reach internal services or other resources that are not directly reachable from the attacker's position.
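To make the bug class concrete, the following is an added illustration in Python. It is not MLflow's code and does not reproduce the specific CVE; it shows why a proxy that joins a client-supplied path onto an upstream base URL without validation lets the caller choose the destination, beside one way to validate such a path. The names GATEWAY_BASE, ALLOWED_ROUTES, build_upstream_url_unvalidated, validate_gateway_path, build_upstream_url and is_safe_gateway_path, and the use of 169.254.169.254 as the sample internal target, are constructed for the example.

```python
"""Added illustration (not MLflow code): unvalidated proxy path -> SSRF, and a validator."""
from urllib.parse import unquote, urljoin, urlsplit

# Constructed example configuration (hypothetical names and values).
GATEWAY_BASE = "http://gateway.internal:5000/gateway/"   # upstream the proxy should talk to
ALLOWED_ROUTES = {"chat", "completions", "embeddings"}    # routes an operator configured


def build_upstream_url_unvalidated(gateway_path: str) -> str:
    """Vulnerable pattern: join the client-supplied path straight onto the base.

    urljoin() lets an absolute URL, a scheme-relative '//host/...' path or
    '..' segments override the host or path of the base, so the client decides
    where the server sends the proxied request.
    """
    return urljoin(GATEWAY_BASE, gateway_path)


class InvalidGatewayPath(ValueError):
    """Raised when a proxy path is not a plain relative path to a known route."""


def validate_gateway_path(gateway_path: str) -> str:
    """Hardened pattern: accept only 'route[/segment...]' for a configured route."""
    if not gateway_path:
        raise InvalidGatewayPath("empty path")
    # Decode once so percent-encoded '/' or '.' cannot hide a separator or traversal.
    decoded = unquote(gateway_path)
    parts = urlsplit(decoded)
    if parts.scheme or parts.netloc or decoded.startswith(("/", "\\")):
        raise InvalidGatewayPath("absolute, scheme-relative or rooted path")
    if parts.query or parts.fragment:
        raise InvalidGatewayPath("query or fragment not allowed in path")
    segments = decoded.split("/")
    if any(seg in ("", ".", "..") for seg in segments):
        raise InvalidGatewayPath("empty or traversal segment")
    if segments[0] not in ALLOWED_ROUTES:
        raise InvalidGatewayPath(f"unknown route {segments[0]!r}")
    return decoded


def build_upstream_url(gateway_path: str) -> str:
    """Only concatenate a validated relative path; no urljoin() surprises."""
    return GATEWAY_BASE + validate_gateway_path(gateway_path)


def is_safe_gateway_path(gateway_path: str) -> bool:
    """Convenience predicate for request filtering and tests."""
    try:
        validate_gateway_path(gateway_path)
    except InvalidGatewayPath:
        return False
    return True


if __name__ == "__main__":
    # Constructed inputs: one legitimate route and four SSRF-shaped paths.
    for p in ["chat/invocations", "http://169.254.169.254/latest/meta-data/",
              "//169.254.169.254/latest/", "../admin", "chat%2F..%2Fadmin"]:
        verdict = "ok: " + build_upstream_url(p) if is_safe_gateway_path(p) else "rejected"
        print(f"{p!r:45} unvalidated -> {build_upstream_url_unvalidated(p)}")
        print(f"{'':45} validated   -> {verdict}")
```

The unvalidated builder turns an absolute URL, a scheme-relative path or a `..` segment into a request to a host or path the operator never configured; the validator rejects all of them and additionally allowlists the first segment against configured routes, so an unknown route is refused even when the path is syntactically clean. How MLflow 3.1.0 actually fixes the handler is not described on this page; this is one general approach, not the project's patch.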
Solution / Mitigation
Upgrade MLflow to version 3.1.0 or later. The fix is available in the official release at https://github.com/mlflow/mlflow/releases/tag/v3.1.0. If an immediate upgrade is not possible, do not expose the gateway proxy to untrusted clients and restrict the MLflow server's outbound network access to its intended upstreams; this reduces the blast radius of an SSRF but is not a substitute for the fix.
Vulnerability Details
Severity score: 5.8 (medium)
EPSS: 0.1%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-52967
First tracked: February 15, 2026 at 08:46 PM
Classified by LLM (prompt v3) · confidence: 85%