Home > Vulnerability Database > CVE-2025-11200

Mend.io Vulnerability Database

CVE-2025-11200

Good to know:

Date: October 29, 2025

MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from weak password requirements. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26916.

Severity Score

8.1

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-11200

Url: https://www.zerodayinitiative.com/advisories/ZDI-25-932/

Url: https://github.com/mlflow/mlflow

Url: https://github.com/mlflow/mlflow/commit/1f74f3f24d8273927b8db392c23e108576936c54

Url: https://www.zerodayinitiative.com/advisories/ZDI-25-932

Url: https://www.mend.io/vulnerability-database/CVE-2025-11200

Severity Score

8.1

Weakness Type (CWE)

Weak Password Requirements

CWE-521

Top Fix

Upgrade Version

Upgrade to version mlflow - 2.22.0;mlflow - 2.22.0;mlflow - 2.22.0;https://github.com/mlflow/mlflow.git - v2.22.0

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-11200

Good to know:

Date: October 29, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?