15 matches found
Improper Authentication
Milvus is vulnerable to Improper Authentication. The vulnerability is due to improper validation of the sourceID header in the Milvus Proxy component, which allows an attacker to bypass authentication and gain full administrative access to the Milvus cluster...
BIT-MILVUS-2025-64513 Milvus Proxy has Critical Authentication Bypass Vulnerability
Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the...
CVE-2025-64513
Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the...
GO-2025-4114 Milvus Proxy has a Critical Authentication Bypass Vulnerability in github.com/milvus-io/milvus
Milvus Proxy has a Critical Authentication Bypass Vulnerability in github.com/milvus-io/milvus. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabilit...
Milvus Proxy has a Critical Authentication Bypass Vulnerability
Impact What kind of vulnerability is it? Who is impacted? An unauthenticated attacker can exploit this vulnerability to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the Milvus cluster. This grants the attacker the ability to read, modif...
GHSA-MHJQ-8C7M-3F7P Milvus Proxy has a Critical Authentication Bypass Vulnerability
Impact What kind of vulnerability is it? Who is impacted? An unauthenticated attacker can exploit this vulnerability to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the Milvus cluster. This grants the attacker the ability to read, modif...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication through the Milvus Proxy component, which skips the source ID check. An attacker can gain full administrative access to the cluster, allowing them to read, modify, or delete data and perform privileged operations...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication through the Milvus Proxy component, which skips the source ID check. An attacker can gain full administrative access to the cluster, allowing them to read, modify, or delete data and perform privileged operations...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication through the Milvus Proxy component, which skips the source ID check. An attacker can gain full administrative access to the cluster, allowing them to read, modify, or delete data and perform privileged operations...
CVE-2025-64513
Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the...
CVE-2025-64513 Milvus Proxy has Critical Authentication Bypass Vulnerability
Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the...
CVE-2025-64513 Milvus Proxy has Critical Authentication Bypass Vulnerability
Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the...
CVE-2025-64513 Milvus Proxy has Critical Authentication Bypass Vulnerability
Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the...
CVE-2025-64513
CVE-2025-64513 describes a critical authentication bypass in the Milvus Proxy component of Milvus. An unauthenticated attacker can bypass all authentication, gaining full administrative access to the Milvus cluster, with read/modify/delete of data and privileged operations such as database or col...
PT-2025-46212
Name of the Vulnerable Software and Affected Versions Milvus versions prior to 2.4.24 Milvus versions 2.5.0 through 2.5.20 Milvus versions 2.6.0 through 2.6.4 Description An unauthenticated attacker can bypass authentication mechanisms in the Milvus Proxy component, gaining full administrative...