CVE-2025-14279 Overview
MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An attacker can query, update, and delete experiments via the affected endpoints, leading to potential data exfiltration, destruction, or manipulation.
Critical Impact
Attackers can exploit this DNS rebinding vulnerability to bypass browser security controls and perform unauthorized operations against MLFlow REST APIs, potentially compromising machine learning experiments, models, and sensitive training data.
Affected Products
- MLFlow versions up to and including 3.4.0
- MLFlow REST server deployments without Origin header validation
- Organizations running MLFlow in environments accessible from web browsers
Discovery Timeline
- 2026-01-12 - CVE CVE-2025-14279 published to NVD
- 2026-01-13 - Last updated in NVD database
Technical Details for CVE-2025-14279
Vulnerability Analysis
This vulnerability (CWE-346: Origin Validation Error) exists because the MLFlow REST server fails to properly validate the Origin header in incoming HTTP requests. DNS rebinding is a technique that allows an attacker to circumvent the browser's Same-Origin Policy by manipulating DNS responses to redirect a victim's browser to make requests to internal or localhost services.
When a user visits a malicious website, the attacker can leverage DNS rebinding to trick the browser into sending requests to the MLFlow server running on the victim's machine or internal network. Since the server does not validate the Origin header, it processes these requests as legitimate, allowing the attacker to interact with the REST API endpoints.
The vulnerability affects the core REST API functionality of MLFlow, enabling attackers to perform CRUD operations on experiments, runs, and potentially models. This poses significant risks to machine learning operations including data integrity, confidentiality of training data, and overall experiment management.
Root Cause
The root cause is the absence of Origin header validation in the MLFlow REST server's request handling logic. Without proper validation, the server cannot distinguish between legitimate requests from authorized origins and malicious requests originating from attacker-controlled domains via DNS rebinding. The fix implemented in version 3.5.0 introduces proper Origin header checks to prevent unauthorized cross-origin requests.
Attack Vector
The attack requires user interaction where a victim must visit a malicious website while having access to an MLFlow server. The attacker controls a domain with a short TTL (Time-To-Live) DNS record. When the victim visits the malicious site, the attacker's JavaScript initially resolves to the attacker's server but then rebinds to the victim's local MLFlow server address. The browser, believing it's still communicating with the original domain, sends requests to the MLFlow server without triggering Same-Origin Policy violations.
The vulnerability is exploitable over the network with low attack complexity. While it does not directly impact availability, it can lead to high confidentiality and integrity impacts through unauthorized data access and modification of ML experiments.
Detection Methods for CVE-2025-14279
Indicators of Compromise
- Unusual cross-origin requests to MLFlow REST API endpoints from unexpected domains
- MLFlow API calls originating from browser contexts when typical usage is programmatic
- Unexpected modifications to experiments, runs, or models without corresponding user activity
- Network traffic showing DNS queries with unusually short TTL values targeting internal services
Detection Strategies
- Monitor MLFlow access logs for requests with suspicious or missing Origin/Referer headers
- Implement network-level monitoring to detect DNS rebinding patterns (rapid DNS TTL changes)
- Deploy web application firewalls configured to validate Origin headers on MLFlow endpoints
- Set up anomaly detection for MLFlow API usage patterns that deviate from baseline behavior
Monitoring Recommendations
- Enable detailed request logging on MLFlow servers to capture Origin and Host headers
- Configure SIEM rules to alert on cross-origin requests to MLFlow REST endpoints
- Implement real-time monitoring of experiment and model modifications with user attribution
- Deploy endpoint detection solutions to identify malicious JavaScript executing DNS rebinding attacks
How to Mitigate CVE-2025-14279
Immediate Actions Required
- Upgrade MLFlow to version 3.5.0 or later which includes the security fix
- Restrict network access to MLFlow servers using firewall rules to trusted IP ranges only
- Implement reverse proxy configurations with strict Origin header validation
- Audit recent MLFlow activity for signs of unauthorized access or data manipulation
Patch Information
The vulnerability is resolved in MLFlow version 3.5.0. The fix introduces proper Origin header validation in the REST server to prevent DNS rebinding attacks. The security patch can be reviewed in the GitHub commit. Additional details about the vulnerability disclosure are available through the Huntr bug bounty listing.
Workarounds
- Deploy MLFlow behind a reverse proxy that enforces strict Origin header validation
- Configure host-based firewalls to restrict MLFlow server access to specific trusted hosts
- Disable browser-based access to MLFlow and require API-key authentication for all requests
- Implement network segmentation to isolate MLFlow servers from user browsing environments
- Use VPN or private networks to access MLFlow deployments, reducing exposure to DNS rebinding
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
