CVE-2025-1473
Cross-Site Request Forgery (CSRF) vulnerability in mlflow (PyPI)
What is CVE-2025-1473 About?
A Cross-Site Request Forgery (CSRF) vulnerability in mlflow/mlflow versions 2.17.0 to 2.20.1 allows attackers to create new accounts without the user's explicit consent. This can lead to unauthorized account creation that may be abused for malicious actions. Exploitation typically requires enticing a legitimate user to click a crafted link.
Affected Software
Technical Details
The vulnerability exists in the signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1 due to a lack of proper CSRF protection mechanisms (e.g., anti-CSRF tokens). An attacker can craft a malicious web page or email containing a hidden form or an image tag pointing to the signup endpoint of the vulnerable MLflow instance. When a legitimate, authenticated user of MLflow visits the attacker's crafted page, their browser automatically sends a request to the MLflow server, including their session cookies. Since the server does not verify a CSRF token, it processes this request as if it were legitimate, resulting in the creation of a new account under the attacker's control, or potentially linked to the victim's session depending on implementation.
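As an added illustration (not MLflow's code, and not the project's fix), the following shows a signup handler with the two server-side checks the advisory describes as missing: a per-session synchronizer token carried in a hidden form field and an Origin/Referer check. The request model (a dict of method, headers, cookies and form fields) and the deployment origin are assumptions so the example runs offline with only the standard library.

```python
import hmac
import secrets

# Added example, not MLflow's code; the request model (dict of method,
# headers, cookies, form) and the origin below are assumptions.
APP_ORIGIN = "https://mlflow.example.internal"
SESSIONS: dict = {}  # server-side store: session id -> {"csrf": token}

def new_session() -> str:
    """Create a session and mint the CSRF token its forms will carry."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf": secrets.token_urlsafe(32)}
    return sid

def csrf_token_for(sid: str) -> str:
    """Token the legitimate signup page embeds in a hidden form field."""
    return SESSIONS[sid]["csrf"]

def signup(request: dict, users: set) -> int:
    """Handle POST /signup; return an HTTP status code.

    A forged cross-site POST rides the victim's session cookie but carries
    a foreign Origin and no hidden token, so it fails before any account is
    created. The vulnerable variant is this function minus both checks.
    """
    if request["method"] != "POST":
        return 405
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401  # no authenticated session to ride on
    # Check 1: Origin header must be our own site; Referer is the fallback.
    origin = request["headers"].get("Origin")
    if origin is not None:
        same_site = origin == APP_ORIGIN
    else:
        same_site = request["headers"].get("Referer", "").startswith(APP_ORIGIN + "/")
    if not same_site:
        return 403
    # Check 2: hidden token must equal the session's token, compared in
    # constant time so a failed check leaks nothing about the real value.
    submitted = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session["csrf"].encode()):
        return 403
    username = request["form"].get("username", "")
    if not username or username in users:
        return 400
    users.add(username)
    return 201
```

Setting the session cookie with `SameSite=Lax` or `Strict` adds browser-side defence in depth, but the token check is what makes the server itself reject a forged request.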
What is the Impact of CVE-2025-1473?
Successful exploitation may allow attackers to create unauthorized user accounts, which can then be used to perform actions on the platform under the guise of an attacker-controlled identity, potentially leading to unauthorized data access, manipulation, or resource consumption.
What is the Exploitability of CVE-2025-1473?
Exploitation is of low complexity from the attacker's perspective: it involves creating a malicious web page or email. The primary prerequisite is that a legitimate, authenticated user visits this malicious content. The attacker needs no authentication to the target MLflow application at the time of exploitation; rather, the victim's active session is leveraged. This is a remote exploitation scenario. Special conditions include luring a user to a malicious site. Risk factors that increase exploitation likelihood include a lack of user awareness about phishing and the absence of robust anti-CSRF tokens on relevant endpoints.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2025-1473?
Available Upgrade Options
- mlflow
  - >2.17.0, <2.20.3 → Upgrade to 2.20.3
Additional Resources
- https://github.com/mlflow/mlflow/commit/ecfa61cb43d3303589f3b5834fd95991c9706628
- https://huntr.com/bounties/43dc50b6-7d1e-41b9-9f97-f28809df1d45
- https://nvd.nist.gov/vuln/detail/CVE-2025-1473
- https://github.com/mlflow/mlflow
- https://osv.dev/vulnerability/GHSA-969w-gqqr-g6j3
What are Similar Vulnerabilities to CVE-2025-1473?
Similar Vulnerabilities: CVE-2017-5639, CVE-2018-8006, CVE-2020-8193, CVE-2021-2197, CVE-2022-26138
