CVE-2025-11200
Published: 29 October 2025
Summary
CVE-2025-11200 is a critical-severity Weak Password Requirements (CWE-521) vulnerability in Lfprojects Mlflow. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability is ranked at the 46.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised under Other Platforms and falls in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-11200 is an authentication bypass vulnerability in MLflow stemming from weak password requirements. The flaw exists within the handling of passwords in affected installations of MLflow and allows remote attackers to bypass authentication entirely; no prior authentication is required to exploit it. This issue, previously tracked as ZDI-CAN-26916, carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-521.
Remote attackers can exploit this vulnerability over the network with low complexity and no privileges. Successful exploitation enables bypassing authentication on the MLflow system, granting unauthorized access that could compromise confidentiality, integrity, and availability to a high degree.
Mitigation details are provided in the Zero Day Initiative advisory at https://www.zerodayinitiative.com/advisories/ZDI-25-932/ and a corresponding patch in the MLflow GitHub commit at https://github.com/mlflow/mlflow/commit/1f74f3f24d8273927b8db392c23e108576936c54.
MLflow is a popular open-source platform for managing machine learning lifecycles, making this vulnerability particularly relevant to AI/ML deployments where tracking experiments and models occurs.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-36706
Vulnerability details
MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from weak password requirements. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26916.
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: mlflow
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an authentication bypass in the public-facing MLflow platform, directly enabling initial access via exploitation of a public-facing application.
Mitigating Controls (NIST 800-53 r5)
IA-5 mandates management of authenticators including minimum password complexity and length requirements, directly preventing authentication bypass due to weak password handling in MLflow.
SI-2 requires timely identification, reporting, and correction of system flaws such as CVE-2025-11200 through application of vendor-provided patches.
CM-6 establishes and enforces secure configuration settings for MLflow, including strong authentication configurations to mitigate weak default password requirements.
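The IA-5 and CM-6 controls above come down to one concrete server-side check: reject weak credentials at the moment a user is created or a password is changed, before anything is stored. The following is an added illustration of such a policy check written here for this page; it is not MLflow's own code and not the fix in the referenced commit. The policy values (minimum length 12, three of four character classes, a small deny-list, no username inside the password, no long repeated runs) are assumptions chosen for the example, and the function names `validate_password` and `is_acceptable` are hypothetical.

```python
"""Illustrative password-policy check in the spirit of NIST 800-53 IA-5.

Hypothetical example written for this page. It is not MLflow code and
not the patch referenced in the advisory. It shows the kind of server-side
validation an authenticated tracking-server deployment would run on user
creation and password change so that weak credentials are never accepted.
"""
import re
import unicodedata

MIN_LENGTH = 12   # assumed policy value, not taken from the advisory
MAX_LENGTH = 128  # upper bound so that password hashing cost stays bounded

# Constructed deny-list of credentials that must never be accepted.
# A real deployment would load a much larger breached-password list.
DENY_LIST = frozenset({
    "password", "password1", "admin", "mlflow",
    "123456789012", "qwertyuiop12",
})

# One regex per character class: lower, upper, digit, other.
CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def normalize(password: str) -> str:
    """NFKC-normalise so visually identical inputs are compared equally."""
    return unicodedata.normalize("NFKC", password)


def validate_password(password: str, username: str = "") -> list[str]:
    """Return every policy violation found; an empty list means acceptable.

    Collecting all violations (rather than stopping at the first) lets the
    caller show the user the full set of reasons in one round trip.
    """
    pw = normalize(password)
    problems: list[str] = []

    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(pw) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")

    classes_present = sum(bool(re.search(p, pw)) for p in CHARACTER_CLASSES)
    if classes_present < 3:
        problems.append("uses fewer than three character classes")

    if pw.lower() in DENY_LIST:
        problems.append("appears on the deny-list")

    if username and username.lower() in pw.lower():
        problems.append("contains the username")

    # Four or more identical consecutive characters (e.g. "aaaa").
    if re.search(r"(.)\1{3,}", pw):
        problems.append("contains a run of four or more repeated characters")

    return problems


def is_acceptable(password: str, username: str = "") -> bool:
    """Convenience wrapper: True only when no policy rule is violated."""
    return not validate_password(password, username)


if __name__ == "__main__":
    # Constructed sample inputs exercising each rule.
    for candidate, user in (
        ("Password1!", "alice"),
        ("aaaaaaaaaaaa", "alice"),
        ("Alice-Wonderland-42", "alice"),
        ("Correct-Horse-Battery-9", "alice"),
    ):
        print(f"{candidate!r}: {validate_password(candidate, user) or 'OK'}")
```

The check belongs on the server, not in a client or UI, and must run on every path that sets a credential (initial admin bootstrap, self-service change, administrator reset); a policy enforced only in one of those paths is the kind of gap CM-6 is meant to close.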