Medium severity6.3NVD Advisory· Published Jan 5, 2026· Updated Apr 29, 2026

CVE-2025-15453

Description

A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. A fix is planned for the next release 2.6.8.

Affected products

Milvus Io/Milvusreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/milvus-io/milvus/issues/46442nvd
github.com/milvus-io/milvus/issues/46442nvd
github.com/milvus-io/milvus/issues/46442nvd
vuldb.comnvd
vuldb.comnvd
vuldb.comnvd

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000