Is CVE-2025-0453 actively exploited?

CVE-2025-0453 has no public evidence of in-the-wild exploitation as of 2025-10-15.

What is the CVSS score for CVE-2025-0453?

CVE-2025-0453 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

How do I patch CVE-2025-0453?

Patch guidance is available from lfprojects security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2025-0453.

Fix CVE-2025-0453 - HIGH lfprojects mlflow

Description

In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to respond to other requests. This vulnerability is due to uncontrolled resource consumption.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-410NVD-CWE-noinfo

Metadata

Primary Vendor: LFPROJECTS
Published: 3/20/2025
Last Modified: 10/15/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

lfprojects : mlflow

Remediation Guidance

Executive Summary

Cite this page

CVE-2025-0453. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2025-0453

View on NIST NVD

CVE-2025-0453 vulnerability