CNNVD-202511-890 Information

CNNVD ID

CNNVD-202511-890

CVE-2025-64513

  • CNNVD Published: 2025-11-10

Description (Chinese)

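Milvus is a high-performance, cloud-native vector database open-sourced by The Milvus Project. Milvus versions before 2.4.24, before 2.5.21, and before 2.6.5 contain an authorization vulnerability. It stems from an authentication bypass in the Milvus Proxy component, which could allow an attacker to gain full administrative privileges.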

Description (English)

Milvus is a high-performance, cloud-native vector database open-sourced by The Milvus Project. Versions of Milvus before 2.4.24, 2.5.21 and 2.6.5 have an authorization vulnerability that stems from an authentication bypass in the Milvus Proxy component and could give an attacker full administrative privileges.

Hazard Level

Low

Vulnerability Type

Authorization issue

Affected Vendor

The Milvus Project

Published

2025-11-10

Last Modified

2026-02-24

References

  • https://github.com/milvus-io/milvus/pull/45379
  • https://github.com/milvus-io/milvus/pull/45391
  • https://github.com/milvus-io/milvus/pull/45383
  • https://github.com/milvus-io/milvus/security/advisories/GHSA-mhjq-8c7m-3f7p
  • https://access.redhat.com/security/cve/cve-2025-64513

Patch

https://milvus.io/zh
