Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack

The impact of CVE-2025-62593 is severe. An attacker can leverage this RCE vulnerability to gain complete control over the Ray cluster. This includes the ability to execute arbitrary commands, access sensitive data stored within the cluster, and potentially pivot to other systems on the network. The lack of authentication on /api/jobs and /api/job_agent/jobs/ endpoints makes exploitation relatively straightforward, particularly for attackers with access to a web browser. This vulnerability mirrors previous security concerns around Ray's endpoint security, highlighting the ongoing need for robust authentication mechanisms. The development context of the vulnerability means that developers using Ray for local testing or prototyping are also at significant risk.

Developers and organizations utilizing Ray for machine learning and distributed computing are at risk. Specifically, those running Ray in development environments or on shared infrastructure are particularly vulnerable due to the ease of exploitation via web browsers. Organizations with legacy Ray deployments or those who have not implemented robust network security controls are also at increased risk.

• python / ray: Monitor Ray cluster logs for unusual activity, particularly requests to /api/jobs and /api/job_agent/jobs/ without valid authentication tokens.

# Example: Check for requests without authentication
import re
with open('/path/to/ray/logs/access.log', 'r') as f:
    for line in f:
        if re.search(r'/api/jobs.*without authentication', line):
            print(f'Potential exploit attempt: {line}')

• generic web: Use curl or wget to attempt accessing the /api/jobs and /api/job_agent/jobs/ endpoints without authentication. A successful access indicates a potential vulnerability.

curl -v http://<ray_cluster_ip>/api/jobs

1. 2025-11-26Disclosure

   disclosure

2. 2025-11-26Patch

   patch

1. Réservé2025-10-16
2. Publiée2025-11-26
3. Modifiée2026-02-04
4. EPSS mis à jour2026-03-23

The primary mitigation for CVE-2025-62593 is to immediately upgrade to Ray version 2.52.0 or later, which addresses the authentication deficiency. If upgrading is not immediately feasible, consider implementing a reverse proxy or WAF in front of the Ray cluster to enforce authentication on the vulnerable endpoints. While this is not a complete solution, it can significantly reduce the attack surface. Carefully review Ray's security documentation and consider implementing stricter network segmentation to limit the potential blast radius of a successful exploit. After upgrading, verify the fix by attempting to access the /api/jobs and /api/job_agent/jobs/ endpoints without proper authentication; access should be denied.