BIT-mlflow-2025-0453
Denial of service vulnerability in mlflow (PyPI)
What is BIT-mlflow-2025-0453 About?
This vulnerability in MLFlow allows for a Denial of Service (DoS) attack via the `/graphql` endpoint due to uncontrolled resource consumption. An attacker can overload MLFlow workers by sending large batches of repetitive queries for experiment runs, making the application unresponsive. Exploitation is achieved by specifically crafted GraphQL queries.
Affected Software
Technical Details
In MLFlow version 2.17.2 the vulnerability resides in the `/graphql` endpoint's handling of queries that request all runs of a given experiment in large batches. An attacker can send numerous or highly complex GraphQL queries that repeatedly fetch extensive datasets. Because the GraphQL query resolver applies no resource throttling, these requests consume resources without limit, tying up all available MLFlow workers. Once the workers are saturated processing these queries, they can no longer respond to legitimate requests, rendering the application unresponsive and causing a denial of service for other users.
What is the Impact of BIT-mlflow-2025-0453?
Successful exploitation may allow attackers to render services unavailable, cause critical system failures, and disrupt the normal operation of MLFlow by making it unresponsive.
What is the Exploitability of BIT-mlflow-2025-0453?
Exploitation involves sending specially crafted GraphQL queries to the `/graphql` endpoint that request all runs of an experiment in large batches. The complexity is moderate: the attacker needs knowledge of GraphQL query syntax and MLFlow's API structure, and must be able to send large, repetitive batches of such queries. Depending on the deployment's security configuration, authentication may be required to reach `/graphql`; the privileges required are those sufficient to query experiment runs. This is a remote exploitation scenario, and the likelihood of exploitation increases when MLFlow instances are exposed publicly and allow extensive GraphQL querying of experiment data.
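The advisory describes the failure mode as one client's burst of heavy experiment-run queries holding every worker at once. The following is an added example, not code from the advisory or from the MLflow project, of a mitigation that bounds that effect: a WSGI middleware that caps how many `/graphql` requests a single client may have in flight and turns the excess into immediate 429 responses that cost no worker time. It assumes the tracking server can be wrapped as a standard WSGI application (MLflow's server is Flask-based, so a wrapper of this shape fits, but the exact wiring, the path, the cap and the client-key choice are all assumptions here). `simulate_burst` is a constructed harness that drives the middleware in threads with no network involved; the client address it uses is made up.

```python
"""Per-client concurrency cap for a GraphQL endpoint as a WSGI middleware.

Added example (not advisory or MLflow project code). Assumes the tracking
server is a WSGI app that can be wrapped; path, cap and client key are
choices made here, not settings taken from MLflow.
"""
import threading
from collections import defaultdict


class GraphQLConcurrencyLimiter:
    """Allow at most `max_inflight` simultaneous requests to `path` per client.

    Requests over the cap get an immediate 429 instead of occupying a worker.
    This does not make a single query cheaper; it only bounds how many workers
    one client can hold at once, so a burst cannot saturate the whole pool.
    """

    def __init__(self, app, path="/graphql", max_inflight=2):
        self.app = app
        self.path = path
        self.max_inflight = max_inflight
        self._lock = threading.Lock()
        self._inflight = defaultdict(int)

    @staticmethod
    def client_key(environ):
        # First X-Forwarded-For hop when a trusted proxy sets it, else the peer.
        forwarded = environ.get("HTTP_X_FORWARDED_FOR")
        if forwarded:
            return forwarded.split(",")[0].strip()
        return environ.get("REMOTE_ADDR", "unknown")

    def _release(self, key):
        with self._lock:
            self._inflight[key] -= 1
            if self._inflight[key] <= 0:
                del self._inflight[key]

    def __call__(self, environ, start_response):
        if environ.get("PATH_INFO") != self.path:
            return self.app(environ, start_response)  # other routes untouched
        key = self.client_key(environ)
        with self._lock:
            if self._inflight[key] >= self.max_inflight:
                start_response("429 Too Many Requests",
                               [("Content-Type", "text/plain"), ("Retry-After", "1")])
                return [b"too many concurrent GraphQL requests\n"]
            self._inflight[key] += 1
        try:
            body = self.app(environ, start_response)
        except Exception:
            self._release(key)
            raise
        # Hold the slot until the server has finished streaming the response.
        return _ReleaseOnClose(body, lambda: self._release(key))


class _ReleaseOnClose:
    """Iterable wrapper that frees the client's slot when the server closes it."""

    def __init__(self, body, release):
        self._body, self._release = body, release

    def __iter__(self):
        return iter(self._body)

    def close(self):
        try:
            close = getattr(self._body, "close", None)
            if close is not None:
                close()
        finally:
            self._release()


def simulate_burst(n_requests, max_inflight, request_path="/graphql"):
    """Constructed harness: n_requests overlapping requests from one made-up
    client against a deliberately slow inner app; returns (accepted, rejected)."""
    release, cond = threading.Event(), threading.Condition()
    state, statuses = {"entered": 0, "finished": 0}, []

    def slow_app(environ, start_response):
        # Stands in for a worker stuck resolving a heavy experiment-runs query.
        with cond:
            state["entered"] += 1
            cond.notify_all()
        release.wait()
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok\n"]

    limited = GraphQLConcurrencyLimiter(slow_app, max_inflight=max_inflight)

    def one_request():
        environ = {"REQUEST_METHOD": "POST", "PATH_INFO": request_path,
                   "REMOTE_ADDR": "198.51.100.7"}  # constructed client address
        seen = []
        body = limited(environ, lambda status, headers: seen.append(status))
        list(body)
        if hasattr(body, "close"):
            body.close()
        with cond:
            statuses.append(seen[0])
            state["finished"] += 1
            cond.notify_all()

    threads = [threading.Thread(target=one_request) for _ in range(n_requests)]
    for t in threads:
        t.start()
    with cond:  # every request is now either rejected or inside the slow app
        cond.wait_for(lambda: state["entered"] + state["finished"] >= n_requests)
    release.set()
    for t in threads:
        t.join()
    accepted = sum(1 for s in statuses if s.startswith("200"))
    return accepted, len(statuses) - accepted


if __name__ == "__main__":
    print(simulate_burst(8, 2))  # (2, 6): two held workers, six cheap 429s
```

The cap is deliberately per client rather than global, so a burst from one source cannot starve other users, and the slot is released from the response iterable's `close()` (which WSGI servers call after streaming) rather than when the view returns, so streamed responses are accounted for correctly. A reverse proxy in front of the server can enforce the same limit with less code; the middleware form is shown because it makes the accounting visible and testable.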
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for BIT-mlflow-2025-0453?
Available Upgrade Options
- No fixes available
Additional Resources
What are Similar Vulnerabilities to BIT-mlflow-2025-0453?
Similar Vulnerabilities: CVE-2022-26134, CVE-2023-49080, CVE-2023-39325, CVE-2023-38408, CVE-2023-24874
