Platform
go
Component
github.com/milvus-io/milvus
Fixed in
2.4.25
2.5.1
2.6.1
2.4.24
0.10.3-0.20251107071934-6102f001a971
CVE-2025-64513 describes a critical authentication bypass vulnerability affecting Milvus Proxy, a component of the Milvus vector database. This flaw allows attackers to circumvent authentication mechanisms, potentially gaining unauthorized access to sensitive data and system resources. Affected versions include those prior to v2.4.24, versions between v2.5.0 and v2.5.21, and versions before v2.6.5. A fix is available in version 0.10.3-0.20251107071934-6102f001a971.
The authentication bypass vulnerability in Milvus Proxy poses a significant risk. An attacker who successfully exploits this flaw can bypass authentication checks and gain full access to the Milvus cluster. This could lead to unauthorized data retrieval, modification, or deletion of vector embeddings and metadata. Furthermore, attackers could potentially leverage this access to execute arbitrary commands on the underlying infrastructure, leading to a complete system compromise. The impact is particularly severe given Milvus's use in applications involving sensitive data like AI models and personalized recommendations, where data integrity and confidentiality are paramount.
CVE-2025-64513 was publicly disclosed on 2025-11-17. The vulnerability's criticality (CVSS score of 9.5) indicates a high probability of exploitation. While no public proof-of-concept (PoC) code has been publicly released at the time of writing, the ease of exploiting an authentication bypass often leads to rapid PoC development and potential exploitation in the wild. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting Milvus Proxy.
Organizations deploying Milvus for vector database management, particularly those handling sensitive data or operating in high-security environments, are at significant risk. This includes companies utilizing Milvus for AI applications, recommendation engines, and search functionalities. Specifically, deployments running older versions of Milvus Proxy (before v2.4.24, v2.5.x before v2.5.21, and v2.6.x before v2.6.5) are immediately vulnerable.
• linux / server:
journalctl -u milvus-proxy -f | grep -i "unauthorized access"
• generic web:
curl -I <milvus_proxy_url>
Inspect the response headers for any unusual or unexpected authentication-related fields.
• go: Review the Milvus Proxy source code (github.com/milvus-io/milvus) for any instances of insecure authentication handling or bypass logic, particularly around the authentication middleware.
EPSS
0.14% (34th percentile)
The primary mitigation for CVE-2025-64513 is to immediately upgrade Milvus Proxy to version 0.10.3-0.20251107071934-6102f001a971 or a later patched version. If an immediate upgrade is not feasible due to compatibility issues or downtime constraints, consider implementing temporary workarounds such as restricting network access to the Milvus Proxy service using firewalls or network segmentation. Review and strengthen existing authentication policies and access controls to minimize the potential impact of a successful exploit. Monitor Milvus Proxy logs for any suspicious activity or unauthorized access attempts. After upgrading, confirm the fix by attempting to access the Milvus Proxy service without proper authentication credentials; access should be denied.
Upgrade Milvus to version 2.4.24, 2.5.21 or 2.6.5, or a later release. If an immediate upgrade is not possible, apply a temporary mitigation by removing the sourceID header from all incoming requests at the gateway, API gateway or load balancer tier before they reach the Milvus Proxy. This prevents attackers from exploiting the authentication bypass behaviour.
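As an added example (not from this advisory or the Milvus project), a minimal Go reverse proxy that implements the workaround above for HTTP traffic: it deletes every sourceID header, matched case-insensitively, before forwarding the request to Milvus Proxy. The upstream address and listen port are assumed placeholders; an HTTP/2-aware gateway would apply the same rule to gRPC metadata, whose keys are lowercased on the wire.

```go
package main

import (
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
)

// headerToStrip is the request header the advisory's workaround removes before
// traffic reaches Milvus Proxy. Matching is case-insensitive (HTTP header names
// are case-insensitive and gRPC lowercases metadata keys).
const headerToStrip = "sourceID"

// stripHeader deletes every key matching name case-insensitively, including
// non-canonical keys that http.Header.Del would miss, and returns the count.
func stripHeader(h http.Header, name string) int {
	removed := 0
	for k := range h {
		if strings.EqualFold(k, name) {
			delete(h, k)
			removed++
		}
	}
	return removed
}

// newStrippingProxy wraps a single-host reverse proxy so that the sourceID
// header is dropped from every inbound request before it is forwarded.
func newStrippingProxy(upstream *url.URL) *httputil.ReverseProxy {
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	inner := proxy.Director
	proxy.Director = func(r *http.Request) {
		inner(r)
		if n := stripHeader(r.Header, headerToStrip); n > 0 {
			// Clients sending this header are worth recording for detection.
			log.Printf("stripped %d %s header(s) from %s", n, headerToStrip, r.RemoteAddr)
		}
	}
	return proxy
}

func main() {
	// Assumed placeholder upstream; replace with the real Milvus Proxy address.
	upstream, err := url.Parse("http://milvus-proxy.internal:19530")
	if err != nil {
		log.Fatal(err)
	}
	log.Fatal(http.ListenAndServe(":8080", newStrippingProxy(upstream)))
}
```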
CVE-2025-64513 is a critical vulnerability in Milvus Proxy that allows attackers to bypass authentication, potentially gaining unauthorized access to the Milvus cluster.
You are affected if you are running Milvus Proxy versions before v2.4.24, between v2.5.0 and v2.5.21, or before v2.6.5.
Upgrade Milvus Proxy to version 0.10.3-0.20251107071934-6102f001a971 or a later patched version. Consider temporary workarounds if immediate upgrade is not possible.
While no public PoC exists yet, the vulnerability's criticality suggests a high probability of exploitation. Monitor threat intelligence feeds for updates.
Refer to the Milvus project's official security advisories and release notes on their GitHub repository: github.com/milvus-io/milvus.