CVE-2025-15453 milvus HTTP Endpoint expr.go expr.Exec deserialization

🗓️ 05 Jan 2026 02:32:06Reported by VulDBType

CVE-2025-15453 Milvus up to 2.6.7 deserialization via expr.Exec; exploit disclosed; fix in 2.6.8.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2025-15453	5 Jan 202605:05	–	circl
CNNVD	milvus 代码问题漏洞	5 Jan 202600:00	–	cnnvd
CVE	CVE-2025-15453	5 Jan 202602:32	–	cve
EUVD	EUVD-2026-0922	5 Jan 202602:32	–	euvd
NVD	CVE-2025-15453	5 Jan 202603:15	–	nvd
Positive Technologies	PT-2026-1207	5 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-15453	6 Jan 202602:49	–	redhatcve
Snyk	Remote Code Execution (RCE)	5 Jan 202603:40	–	snyk
Snyk	Remote Code Execution (RCE)	5 Jan 202603:40	–	snyk
Snyk	Remote Code Execution (RCE)	5 Jan 202603:40	–	snyk

[
  {
    "vendor": "n/a",
    "product": "milvus",
    "versions": [
      {
        "version": "2.6.0",
        "status": "affected"
      },
      {
        "version": "2.6.1",
        "status": "affected"
      },
      {
        "version": "2.6.2",
        "status": "affected"
      },
      {
        "version": "2.6.3",
        "status": "affected"
      },
      {
        "version": "2.6.4",
        "status": "affected"
      },
      {
        "version": "2.6.5",
        "status": "affected"
      },
      {
        "version": "2.6.6",
        "status": "affected"
      },
      {
        "version": "2.6.7",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP Endpoint"
    ]
  }
]

Source	Link
github	www.github.com/milvus-io/milvus/issues/46442
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/milvus-io/milvus/milestone/139
github	www.github.com/milvus-io/milvus/issues/46442
vuldb	www.vuldb.com/
github	www.github.com/milvus-io/milvus/issues/46442

23 Feb 2026 08:16Current

CVSS 45.3

CVSS 3.16.3

CVSS 36.3

CVSS 26.5

EPSS0.00316