Authentication Bypass Vulnerability in Milvus Vector Database
CVE-2025-64513
What is CVE-2025-64513?
CVE-2025-64513 is an authentication bypass vulnerability in Milvus, a popular open-source vector database built for generative AI applications. The flaw lets an unauthenticated attacker bypass all of the authentication mechanisms in the Milvus Proxy component. As a result, the attacker obtains administrative access to the Milvus cluster and can read, alter, or delete the data it stores, as well as execute privileged operations that affect the integrity and availability of the database. Milvus releases before 2.4.24, before 2.5.21 on the 2.5 branch, and before 2.6.5 on the 2.6 branch are vulnerable; users should upgrade to the fixed release for their branch to close this significant security flaw.
Potential impact of CVE-2025-64513
- Data Compromise: Unauthenticated access allows attackers to read sensitive data stored within the Milvus database, leading to potential data breaches and loss of confidential information.
- Data Manipulation and Deletion: Attackers can modify or delete data, which can severely disrupt operations, lead to misinformation, and damage the trustworthiness of the data stored in the database.
- Administrative Control: Full administrative rights enable attackers to perform critical operations such as management of databases and collections. This can result in unauthorized changes to database configurations, further complicating recovery efforts and contributing to prolonged system downtime.
Affected Version(s)
Package   Affected versions      Fixed in
milvus    < 2.4.24               2.4.24
milvus    >= 2.5.0, < 2.5.21     2.5.21
milvus    >= 2.6.0, < 2.6.5      2.6.5
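To turn the table above into an inventory check, the following added example (not code from the Milvus project or from this advisory) encodes the three affected ranges and evaluates server version strings against them. It assumes the operator already has each server's version string, for instance from the Milvus client or from deployment manifests; the sample inputs below are constructed.

```python
"""Evaluate Milvus version strings against the CVE-2025-64513 affected ranges."""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges copied from the advisory table: (lower bound inclusive or None,
# upper bound exclusive). The first row has no lower bound, so every release
# below 2.4.24 is treated as affected.
AFFECTED_RANGES = [
    (None, (2, 4, 24)),
    ((2, 5, 0), (2, 5, 21)),
    ((2, 6, 0), (2, 6, 5)),
]

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Parse 'v2.5.3', '2.5.3-rc1' or '2.5.3+build' into (major, minor, patch).

    Returns None when the string has no recognisable major.minor.patch prefix.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        return None
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def is_affected(version: str) -> Optional[bool]:
    """True if the version is inside an affected range, False otherwise,
    None if the version string could not be parsed."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    return any(
        (low is None or low <= parsed) and parsed < high
        for low, high in AFFECTED_RANGES
    )


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host name -> 'affected' / 'fixed' / 'unknown' for an inventory dict."""
    labels = {True: "affected", False: "fixed", None: "unknown"}
    return {host: labels[is_affected(ver)] for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    print(triage({"vec-a": "v2.5.20", "vec-b": "2.6.5", "vec-c": "n/a"}))
```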
