Vulnerabilities

Update: CVE-2025-14279 - DNS Rebinding Vulnerability in mlflow/mlflow

2026-01-12 0 views admin

CVE ID : CVE-2025-14279 Published : Jan. 12, 2026, 9:15 a.m. | 1 hour, 13 minutes ago Description : MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An attacker can query, update, and delete experiments via the affected endpoints, leading to potential data exfiltration, destruction, or manipulation. The issue is resolved in version 3.5.0. Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-14279

Severity

HIGH

Published

Jan. 12, 2026

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-14279high

Update: CVE-2025-14279 - DNS Rebinding Vulnerability in mlflow/mlflow

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-40975 - Multiple vulnerabilities in WorkDo products - Guide

CVE-2025-40976 - Multiple vulnerabilities in WorkDo products - Full Analysis

CVE-2025-40977 - Multiple vulnerabilities in WorkDo products

Update: CVE-2025-40978 - Multiple vulnerabilities in WorkDo products

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting