CVE Daily

CVE-2025-1473

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature o...

High CVSS 7.1

Overview

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user.

CWE: CWE-352 Published: 2025-03-20T10:15:53.903
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.1 (HIGH)
  • Detected tags: csrf (tag impact: MODERATE)

Recommended actions:

  • CSRF tokens, SameSite=Strict for cookies, validate Origin/Referer.

Recommended tools

Tags