CVE-2025-52967 | MLflow up to 3.0.x gateway_proxy_handler Validator server-side request forgery (ID 15944)

A vulnerability classified as critical has been found in MLflow up to 3.0.x. Affected is an unknown function of the component gateway_proxy_handler Validator. The manipulation leads to server-side request forgery.

This vulnerability is traded as CVE-2025-52967. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More