Platform
go
Component
github.com/milvus-io/milvus
Fixed in
2.4.25
2.5.1
2.6.1
2.4.24
0.10.3-0.20251107071934-6102f001a971
CVE-2025-64513 describes a critical authentication bypass vulnerability affecting Milvus Proxy, a component of the Milvus vector database. This flaw allows attackers to circumvent authentication mechanisms, potentially gaining unauthorized access to sensitive data and system resources. Affected versions include those prior to v2.4.24, versions between v2.5.0 and v2.5.21, and versions before v2.6.5. A fix is available in version 0.10.3-0.20251107071934-6102f001a971.
The authentication bypass vulnerability in Milvus Proxy poses a significant risk. An attacker who successfully exploits this flaw can bypass authentication checks and gain full access to the Milvus cluster. This could lead to unauthorized data retrieval, modification, or deletion of vector embeddings and metadata. Furthermore, attackers could potentially leverage this access to execute arbitrary commands on the underlying infrastructure, leading to a complete system compromise. The impact is particularly severe given Milvus's use in applications involving sensitive data like AI models and personalized recommendations, where data integrity and confidentiality are paramount.
CVE-2025-64513 was publicly disclosed on 2025-11-17. The vulnerability's criticality (CVSS score of 9.5) indicates a high probability of exploitation. While no proof-of-concept (PoC) code had been publicly released at the time of writing, the ease of exploiting an authentication bypass often leads to rapid PoC development and exploitation in the wild. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting Milvus Proxy.
Exploit Status
EPSS
0.14% (34th percentile)
The primary mitigation for CVE-2025-64513 is to immediately upgrade Milvus Proxy to version 0.10.3-0.20251107071934-6102f001a971 or a later patched version. If an immediate upgrade is not feasible due to compatibility issues or downtime constraints, consider implementing temporary workarounds such as restricting network access to the Milvus Proxy service using firewalls or network segmentation. Review and strengthen existing authentication policies and access controls to minimize the potential impact of a successful exploit. Monitor Milvus Proxy logs for any suspicious activity or unauthorized access attempts. After upgrading, confirm the fix by attempting to access the Milvus Proxy service without proper authentication credentials; access should be denied.
Update Milvus to version 2.4.24, 2.5.21, or 2.6.5, or a later version. If immediate updating is not possible, apply a temporary mitigation by removing the sourceID header from all incoming requests at the gateway, API gateway, or load balancer level before they reach the Milvus proxy. This will prevent attackers from exploiting the authentication bypass behavior.
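The gateway-level workaround above, as an added example (not Milvus project code): a small Go reverse proxy that drops the sourceID header, matching case-insensitively, before forwarding to the Milvus proxy's HTTP listener. The upstream address and listen port are placeholders; a gRPC front door needs the same stripping applied to gRPC metadata.

```go
// Added example, not Milvus project code: an HTTP reverse proxy that removes
// the sourceID header before requests reach the Milvus proxy, as the advisory's
// interim mitigation describes. Upstream and listen addresses are placeholders.
package main

import (
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
)

// sourceIDHeader is the header named in the advisory. HTTP header names are
// case-insensitive, so matching must ignore case rather than rely on spelling.
const sourceIDHeader = "sourceID"

// StripSourceIDHeader deletes every header whose name equals sourceID ignoring
// case and returns how many were removed, so callers can log the event.
func StripSourceIDHeader(h http.Header) int {
	removed := 0
	for name := range h {
		if strings.EqualFold(name, sourceIDHeader) {
			delete(h, name) // delete by the stored key, not the canonical form
			removed++
		}
	}
	return removed
}

// NewHeaderStrippingProxy forwards requests to upstream after stripping the
// sourceID header and logs any request that carried one.
func NewHeaderStrippingProxy(upstream *url.URL) *httputil.ReverseProxy {
	rp := httputil.NewSingleHostReverseProxy(upstream)
	inner := rp.Director
	rp.Director = func(r *http.Request) {
		inner(r) // default rewriting of scheme, host and path
		if n := StripSourceIDHeader(r.Header); n > 0 {
			log.Printf("dropped %d sourceID header(s) on %s %s from %s",
				n, r.Method, r.URL.Path, r.RemoteAddr)
		}
	}
	return rp
}

func main() {
	// Placeholder: the Milvus proxy HTTP listener sitting behind this gateway.
	upstream, err := url.Parse("http://milvus-proxy.internal:9091")
	if err != nil {
		log.Fatal(err)
	}
	log.Fatal(http.ListenAndServe(":8080", NewHeaderStrippingProxy(upstream)))
}
```

The log line gives a cheap detection signal: any request arriving with the header is worth investigating, since legitimate clients have no reason to send it.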
CVE-2025-64513 is a critical vulnerability in Milvus Proxy that allows attackers to bypass authentication, potentially gaining unauthorized access to the Milvus cluster.
You are affected if you are running Milvus Proxy versions before v2.4.24, between v2.5.0 and v2.5.21, or before v2.6.5.
Upgrade Milvus Proxy to version 0.10.3-0.20251107071934-6102f001a971 or a later patched version. Consider temporary workarounds if immediate upgrade is not possible.
While no public PoC exists yet, the vulnerability's criticality suggests a high probability of exploitation. Monitor threat intelligence feeds for updates.
Refer to the Milvus project's official security advisories and release notes on their GitHub repository: github.com/milvus-io/milvus.