Cyber Resilience

CVE-2025-11200

Critical

Published: 29 October 2025
Modified: 31 December 2025
KEV Added: not listed
Patch: available (MLflow GitHub commit, linked below)
CVSS v3.1 base score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0023 (46.4th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-11200 is a critical-severity Weak Password Requirements (CWE-521) vulnerability in MLflow (CPE vendor lfprojects, product mlflow). Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 46.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related: it is categorised under Other Platforms, in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-11200 is an authentication bypass vulnerability in MLflow stemming from weak password requirements. The flaw lies in how affected MLflow installations handle passwords; because exploiting it requires no prior authentication, a remote attacker can bypass authentication entirely. The issue was previously tracked as ZDI-CAN-26916, carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), and is classified as CWE-521.

The vulnerability is exploitable over the network with low attack complexity and no privileges. Successful exploitation bypasses authentication on the MLflow server, granting unauthorized access with high impact on confidentiality, integrity, and availability.

The Zero Day Initiative advisory ZDI-25-932 (https://www.zerodayinitiative.com/advisories/ZDI-25-932/) describes the mitigation, and the corresponding fix is MLflow commit https://github.com/mlflow/mlflow/commit/1f74f3f24d8273927b8db392c23e108576936c54. Until that fix is applied, an exposed tracking server whose only access control is MLflow's own password-based authentication should be treated as reachable by unauthenticated clients.

MLflow is a popular open-source platform for managing the machine learning lifecycle, so this vulnerability is particularly relevant to AI/ML deployments in which experiments and models are tracked on a shared server.

Vulnerability details

MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from weak password requirements. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26916.

CWE(s): CWE-521 Weak Password Requirements

AI Security Analysis

AI Category: Other Platforms
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: none mapped
Classification Reason: matched keywords: mlflow

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is an authentication bypass in the public-facing MLflow platform, directly enabling initial access via exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-2652 (same product: Lfprojects Mlflow)
CVE-2025-15031 (same product: Lfprojects Mlflow)
CVE-2025-11201 (same product: Lfprojects Mlflow)
CVE-2026-0545 (same product: Lfprojects Mlflow)
CVE-2025-14287 (same product: Lfprojects Mlflow)
CVE-2026-0596 (same product: Lfprojects Mlflow)
CVE-2025-1473 (same product: Lfprojects Mlflow)
CVE-2024-8859 (same product: Lfprojects Mlflow)
CVE-2026-4035 (same product: Lfprojects Mlflow)
CVE-2025-0453 (same product: Lfprojects Mlflow)

Affected Assets

lfprojects mlflow, versions ≤ 2.21.0

Mitigating Controls (NIST 800-53 r5)

Prevent: IA-5 (Authenticator Management) mandates management of authenticators, including minimum password length and complexity requirements, which directly addresses the weak password handling behind this authentication bypass.

Prevent: SI-2 (Flaw Remediation) requires timely identification, reporting, and correction of system flaws such as CVE-2025-11200 through application of the vendor-provided patch.

Prevent: CM-6 (Configuration Settings) establishes and enforces secure configuration settings for MLflow, including strong authentication settings that mitigate weak default password requirements.
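A concrete way to apply IA-5 and CM-6 is to put a password-policy gate in front of wherever user passwords are persisted and to audit the server's authentication configuration for weak credentials. The following is an added example and is not MLflow's own code: the `[mlflow]` section with `admin_username`/`admin_password` keys mirrors MLflow's documented basic_auth.ini layout, but the sample file, the thresholds, the deny-list and the `create_user_guarded` wrapper (with its `backend_create` callable) are constructed assumptions for illustration.

```python
"""Password-policy gate and basic_auth.ini audit, illustrating NIST 800-53 IA-5 / CM-6.

Added example, not MLflow's own code. The [mlflow] / admin_password layout of the
audited text mirrors MLflow's documented basic_auth.ini; the sample file, thresholds
and deny-list below are constructed for this example.
"""
from __future__ import annotations

import configparser
import math
import re
from collections import Counter
from dataclasses import dataclass, field

MIN_LENGTH = 12          # assumed policy minimum; NIST SP 800-63B requires at least 8
MIN_CLASSES = 3          # of the four character classes below
MIN_ENTROPY_BITS = 30.0  # rejects long but repetitive strings that pass class rules

CHARACTER_CLASSES = {
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9\s]"),
}
# Constructed stand-in for a breached-password corpus check.
DENY_LIST = frozenset({"password", "password1234", "admin", "mlflow", "changeme"})


@dataclass
class PolicyResult:
    ok: bool
    failures: list[str] = field(default_factory=list)


def shannon_entropy_bits(password: str) -> float:
    """Total Shannon entropy of the password's character distribution, in bits."""
    n = len(password)
    if n == 0:
        return 0.0
    per_char = -sum((c / n) * math.log2(c / n) for c in Counter(password).values())
    return per_char * n


def check_password(password: str, username: str | None = None) -> PolicyResult:
    """Evaluate a candidate password against the policy; returns every failing rule."""
    failures: list[str] = []
    # CWE-521 in its most basic form: accepting an empty or whitespace-only secret.
    if password is None or not password.strip():
        return PolicyResult(False, ["password is empty or whitespace only"])
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    present = [name for name, rx in CHARACTER_CLASSES.items() if rx.search(password)]
    if len(present) < MIN_CLASSES:
        failures.append(f"only {len(present)} of {MIN_CLASSES} required character classes")
    if password.lower() in DENY_LIST:
        failures.append("on the deny-list")
    if username and username.lower() in password.lower():
        failures.append("contains the username")
    if shannon_entropy_bits(password) < MIN_ENTROPY_BITS:
        failures.append("low entropy (repeated characters)")
    return PolicyResult(not failures, failures)


def create_user_guarded(username: str, password: str, backend_create):
    """Enforcement point: refuse to hand a weak password to the user store.

    `backend_create` is an assumed callable standing in for whatever persists the user."""
    result = check_password(password, username)
    if not result.ok:
        raise ValueError(f"weak password for {username!r}: " + "; ".join(result.failures))
    return backend_create(username, password)


def audit_basic_auth_ini(ini_text: str) -> dict[str, list[str]]:
    """Map '<section>.<option>' to policy failures for each password option in the INI text."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    findings: dict[str, list[str]] = {}
    for section in parser.sections():
        for option, value in parser.items(section):
            if "password" not in option:
                continue
            # Pair admin_password with admin_username so the username rule applies.
            user = parser.get(section, option.replace("password", "username"), fallback=None)
            result = check_password(value, username=user)
            if not result.ok:
                findings[f"{section}.{option}"] = result.failures
    return findings


# Constructed sample in the basic_auth.ini layout, with a weak admin credential.
SAMPLE_INI = """\
[mlflow]
default_permission = READ
database_uri = sqlite:///basic_auth.db
admin_username = admin
admin_password = password1234
authorization_function = mlflow.server.auth:authenticate_request_basic_auth
"""


if __name__ == "__main__":
    for key, why in audit_basic_auth_ini(SAMPLE_INI).items():
        print(f"{key}: {', '.join(why)}")
    users: dict[str, str] = {}
    try:
        create_user_guarded("admin", "password1234", lambda u, p: users.setdefault(u, p))
    except ValueError as exc:
        print(exc)
    create_user_guarded("alice", "Tr0ub4dor&3!", lambda u, p: users.setdefault(u, p))
    print(sorted(users))
```

The entropy rule is there because character-class rules alone accept strings such as eleven repeated letters followed by one upper-case letter, a digit and a symbol; the deny-list is where a real deployment would plug in a breached-password corpus. Run the audit against the live configuration before a server is exposed, and keep the gate on every path that sets or resets a credential, not only on interactive sign-up.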
