VYPR
Medium severity5.8OSV Advisory· Published Jun 23, 2025· Updated Apr 15, 2026

CVE-2025-52967

CVE-2025-52967

Description

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
mlflowPyPI
>= 3.0.0rc0, < 3.1.03.1.0
mlflowPyPI
< 2.22.22.22.2

Affected products

3

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.