CVE-2025-11200
Published: 29 October 2025
Summary
CVE-2025-11200 is a critical-severity Weak Password Requirements (CWE-521) vulnerability in Lfprojects Mlflow. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); it is ranked at the 42.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
IA-5 mandates management of authenticators including minimum password complexity and length requirements, directly preventing authentication bypass due to weak password handling in MLflow.
SI-2 requires timely identification, reporting, and correction of system flaws such as CVE-2025-11200 through application of vendor-provided patches.
CM-6 establishes and enforces secure configuration settings for MLflow, including strong authentication configurations to mitigate weak default password requirements.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an authentication bypass in the public-facing MLflow platform, directly enabling initial access via exploitation of a public-facing application.
NVD Description
MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from weak password requirements. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26916.
Deeper analysis
CVE-2025-11200 is an authentication bypass vulnerability in MLflow stemming from weak password requirements. The flaw exists within the handling of passwords in affected installations of MLflow, allowing remote attackers to bypass authentication entirely, as no prior authentication is required to exploit it. This issue, previously tracked as ZDI-CAN-26916, carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-521.
Remote attackers can exploit this vulnerability over the network with low complexity and no privileges. Successful exploitation enables bypassing authentication on the MLflow system, granting unauthorized access that could compromise confidentiality, integrity, and availability to a high degree.
Mitigation details are provided in the Zero Day Initiative advisory at https://www.zerodayinitiative.com/advisories/ZDI-25-932/ and a corresponding patch in the MLflow GitHub commit at https://github.com/mlflow/mlflow/commit/1f74f3f24d8273927b8db392c23e108576936c54.
MLflow is a popular open-source platform for managing machine learning lifecycles, making this vulnerability particularly relevant to AI/ML deployments where tracking experiments and models occurs.
Details
- CWE(s)