How the CVE Works:
The vulnerability exists in the `gateway_proxy_handler` component of MLflow versions before 3.1.0. Due to insufficient validation of the `gateway_path` parameter, an attacker can craft malicious requests that force the server to make unauthorized internal or external HTTP requests. This SSRF flaw allows attackers to bypass access controls, interact with internal services, or exfiltrate sensitive data by manipulating server-side requests. The lack of proper input sanitization enables attackers to supply arbitrary URLs, leading to unintended server communications.
DailyCVE Form:
Platform: MLflow
Version: < 3.1.0
Vulnerability: SSRF
Severity: Moderate
Date: Jun 23, 2025
Prediction: Patch by Jul 15, 2025
What Undercode Say:
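```bash
# Request to the proxy endpoint with a URL that points at an internal service
curl -X GET "http://vulnerable-mlflow-server/gateway_proxy?url=http://internal-service"
```

```python
import requests

# Same request from Python: the proxy is asked to fetch a localhost-only page
exploit_url = "http://victim-mlflow/gateway_proxy?url=http://localhost/admin"
response = requests.get(exploit_url)
```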
How Exploit:
Attackers send crafted requests to `gateway_proxy_handler` with malicious `gateway_path` values, forcing the server to fetch internal resources or interact with restricted endpoints.
Protection from this CVE:
Upgrade to MLflow 3.1.0 or later. Implement strict input validation and URL whitelisting for proxy handlers.
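One way to apply the input validation and URL allowlisting described above in a proxy handler, shown as an added example that is not MLflow's code or its patch. The names `ALLOWED_ORIGINS`, `is_allowed_url`, `build_upstream_url` and the host `gateway.example.internal` are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

# Constructed allowlist: the only (scheme, host, port) origins the proxy may contact.
ALLOWED_ORIGINS = {("https", "gateway.example.internal", 443)}
DEFAULT_PORTS = {"http": 80, "https": 443}


def is_allowed_url(url: str) -> bool:
    """Return True only if url targets an allowlisted (scheme, host, port)."""
    try:
        parts = urlsplit(url)
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:  # malformed port or unbalanced IPv6 brackets
        return False
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return False
    if parts.username is not None or parts.password is not None:
        return False  # reject "trusted-host@other-host" userinfo tricks
    try:
        ipaddress.ip_address(parts.hostname)
        return False  # raw IP literals (127.0.0.1, ::1, ...) are never allowlisted
    except ValueError:
        pass  # not an IP literal, continue with the name check
    return (parts.scheme, parts.hostname.lower(), port) in ALLOWED_ORIGINS


def build_upstream_url(base: str, gateway_path: str) -> str:
    """Join a caller-supplied path onto a fixed base, then re-validate the result."""
    if "\\" in gateway_path or any(ord(c) < 0x20 for c in gateway_path):
        raise ValueError("illegal character in gateway_path")
    prefix = base.rstrip("/") + "/"
    # urljoin resolves ".." segments and absolute URLs, so check what it produced.
    candidate = urljoin(prefix, gateway_path.lstrip("/"))
    if not is_allowed_url(candidate) or not candidate.startswith(prefix):
        raise ValueError("gateway_path escapes the allowed upstream")
    return candidate
```

The outbound request should also be made with redirect following disabled (for example `allow_redirects=False` in `requests`), otherwise an allowlisted upstream can redirect the server to a target this check never saw.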
Impact:
Unauthorized access to internal services, data leakage, and potential remote code execution.
Sources:
Reported By: github.com