- Description
- A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user.
- Source
- security@huntr.dev
- NVD status
- Received
CVSS 3.0
- Type
- Secondary
- Base score
- 5.4
- Impact score
- 2.5
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
- security@huntr.dev
- CWE-352
- Hype score
- Not currently trending
CVE-2025-1473 A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to crea… https://t.co/NBeF2noMom
@CVEnew
20 Mar 2025
248 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Just scored two CVEs for MLflow!(CVE-2025-1473,CVE-2025-1474) MLflow is an open-source platform for managing machine learning workflows. I found a CSRF vulnerability that could’ve been nasty if exploited, and noticed the password policy was pretty weak too – had to call that out.
@krishnast54
20 Feb 2025
52 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
We are glad to share our security researcher Krishna Tiwari's achievement in getting two CVEs for AI/ML application - @MLflow . CVE-2025-1473 https://t.co/SE0fFb935M CVE-2025-1474 @ProtectAICorp #cybersecurity #infosec #AI #ml #CVE #research https://t.co/rrlVfjGO9Z
@defhawk_specter
20 Feb 2025
41 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes