CVE-2025-52967 Information

Description

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.

Reference

https://github.com/mlflow/mlflow/issues/15944 https://github.com/mlflow/mlflow/pull/15970 https://github.com/mlflow/mlflow/releases/tag/v3.1.0

Related CNNVD

CNNVD-202508-2011 (Published: 2025-08-18)