Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack

🗓️ 26 Nov 2025 19:35:23Reported by GitHub Advisory DatabaseType

Critical remote code execution in Ray via DNS rebinding and browsers due to unauthenticated endpoints.

Reporter	Title	Published	Views	Family All 29
Chainguard	CVE-2025-62593 vulnerabilities	1 Dec 202519:44	–	cgr
Circl	CVE-2025-62593	26 Nov 202517:19	–	circl
CNNVD	Ray 跨站请求伪造漏洞	26 Nov 202500:00	–	cnnvd
CVE	CVE-2025-62593	26 Nov 202522:28	–	cve
Cvelist	CVE-2025-62593 Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack	26 Nov 202522:28	–	cvelist
EUVD	EUVD-2025-199754	26 Nov 202522:28	–	euvd
NVD	CVE-2025-62593	26 Nov 202523:15	–	nvd
OSV	CGA-9GR6-8JWM-Q9C2	29 Jan 202600:45	–	osv
OSV	CVE-2025-62593 Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack	26 Nov 202522:28	–	osv
OSV	GHSA-Q279-JHRF-CC6V Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack	26 Nov 202519:35	–	osv

Vulners

Node

ray_project rayRange<2.52.0pip

Source	Link
github	www.github.com/ray-project/ray/security/advisories/GHSA-q279-jhrf-cc6v
github	www.github.com/nccgroup/singularity/pull/68
github	www.github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09
docs	www.docs.ray.io/en/releases-2.51.1/ray-security/index.html
en	www.en.wikipedia.org/wiki/Malvertising
github	www.github.com/ray-project/ray/blob/e7889ae542bf0188610bc8b06d274cbf53790cbd/python/ray/dashboard/http_server_head.py
github	www.github.com/ray-project/ray/blob/f39a860436dca3ed5b9dfae84bd867ac10c84dc6/python/ray/dashboard/optional_utils.py
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-62593
github	www.github.com/advisories/GHSA-q279-jhrf-cc6v

01 Dec 2025 16:02Current

7.5High risk

Vulners AI Score7.5

CVSS 49.4

EPSS0.00013

SSVC