The vulnerability, tracked as CVE-2025-64513, allows unauthenticated attackers to forge HTTP headers and completely circumvent authorization checks, gaining full administrative access to the system without providing valid credentials.
The Core Issue: Header-Based Trust Exploitation
Milvus Proxy's authentication interceptor trusts a caller-controlled request header, sourceId (gRPC metadata, which travels as an HTTP/2 header).
Instead of checking credentials, the vulnerable code base64-decodes this header value and compares it against a hardcoded constant, @@milvus-member@@, that is visible in the public source.
Because the constant is public, an attacker simply sends the header set to the base64 encoding of that constant and the check passes, bypassing all authorization checks.
Once the validation passes, the request is treated as coming from an internal Milvus component and receives unrestricted administrative privileges.
The root cause is misplaced trust in user-supplied input in place of the credential-based authentication (username/password or API keys) that Milvus already provides.
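To make the mechanism concrete, here is an added illustration in Go (Milvus' own language) of the flawed trust decision beside its hardened form. It is example code written for this article, not Milvus source: the Request, Principal and CredentialVerifier types and the function names are assumptions; only the header name sourceId and the constant @@milvus-member@@ come from the advisory.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
)

// memberCredID is the hardcoded constant the advisory describes; every other
// name in this file is illustrative and not taken from the Milvus code base.
const memberCredID = "@@milvus-member@@"

// Request is a simplified stand-in for one incoming proxy request: the
// metadata map (gRPC lowercases keys) plus whatever credentials the client sent.
type Request struct {
	Headers  map[string]string
	Username string
	Password string
}

// Principal is the identity the interceptor attaches to an accepted request.
type Principal struct {
	Name     string
	Internal bool
}

// CredentialVerifier checks a username/password pair against a credential store.
type CredentialVerifier func(user, pass string) bool

// validSourceIDVulnerable reproduces the flawed trust decision: a sourceid
// value that base64-decodes to the public constant marks the caller as an
// internal component. Nothing here is secret, so anyone can satisfy it.
func validSourceIDVulnerable(headers map[string]string) bool {
	raw, ok := headers["sourceid"]
	if !ok {
		return false
	}
	decoded, err := base64.StdEncoding.DecodeString(raw)
	return err == nil && string(decoded) == memberCredID
}

// authenticateVulnerable is the "before" behaviour: the header check
// short-circuits credential verification entirely.
func authenticateVulnerable(r Request, verify CredentialVerifier) (Principal, error) {
	if validSourceIDVulnerable(r.Headers) {
		return Principal{Name: "internal", Internal: true}, nil
	}
	if verify(r.Username, r.Password) {
		return Principal{Name: r.Username}, nil
	}
	return Principal{}, errors.New("unauthenticated")
}

// authenticateFixed is the hardened form: request metadata can never confer
// identity; only a verified credential does, whatever headers are present.
func authenticateFixed(r Request, verify CredentialVerifier) (Principal, error) {
	if verify(r.Username, r.Password) {
		return Principal{Name: r.Username}, nil
	}
	return Principal{}, errors.New("unauthenticated")
}

// forgedSourceID is the header value an attacker sends: the base64 encoding
// of the constant, computable from public source alone.
func forgedSourceID() string {
	return base64.StdEncoding.EncodeToString([]byte(memberCredID))
}

func main() {
	// Constructed credential store for the demonstration.
	verify := CredentialVerifier(func(u, p string) bool {
		return u == "root" && p == "correct-horse-battery"
	})
	attacker := Request{Headers: map[string]string{"sourceid": forgedSourceID()}}

	if p, err := authenticateVulnerable(attacker, verify); err == nil {
		fmt.Printf("vulnerable: request with no credentials accepted as %q (internal=%v)\n", p.Name, p.Internal)
	}
	if _, err := authenticateFixed(attacker, verify); err != nil {
		fmt.Println("fixed: same request rejected:", err)
	}
}
```

The point of the hardened version is not a stricter header check but the absence of one: no value a client can place in request metadata should ever select an identity, which is what the published fix does by removing the trust path entirely.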
CVE-2025-64513: Milvus Proxy Authentication Bypass Vulnerability Details
The vulnerability impacts multiple Milvus release branches. Affected versions include Milvus 2.4.0 through 2.4.23, versions 2.5.0 through 2.5.20, and releases 2.6.0 through 2.6.4.
Organizations running any of these versions with authentication enabled are at immediate risk. The vulnerability is particularly dangerous because it requires no special privileges or complex exploitation techniques; a simple HTTP request with a crafted header is sufficient to compromise the entire system.
The attack exploits a fundamental flaw in the authentication flow logic. When a request arrives at the Proxy with the forged sourceId header, the validSourceID function returns true, allowing the authentication interceptor to bypass standard user verification entirely.
This grants attackers management-level access to critical database operations, including querying vectors, inserting data, and modifying database configurations.
Proof-of-concept demonstrations show successful authentication bypasses against standard administrative functions like GetVersion, CheckHealth, and ListDatabases—operations that should require valid credentials.
The Milvus development team has released patches removing the flawed trust-based logic entirely. Updated versions require all requests to pass through standard authentication mechanisms regardless of header values.
Organizations should immediately upgrade to patched versions: 2.4.24 or later, 2.5.21 or later, or 2.6.5 or later.
Where immediate patching is not feasible, apply network-level access controls that restrict traffic to the Milvus Proxy service to trusted clients and components as a temporary measure; a reverse proxy in front of the service can additionally strip or reject an inbound sourceId header from external clients. Disabling authentication is not a mitigation, since it grants every caller exactly the access the bypass yields.
Affected organizations should prioritize patching immediately, given the vulnerability’s critical severity and ease of exploitation.
Additionally, organizations should audit Proxy access logs for requests that carried a sourceId header from clients other than Milvus' own internal components during the window of exposure, add monitoring that alerts on such requests going forward, and consider Web Application Firewall (WAF) or reverse-proxy rules that detect or drop the forged header pattern at the edge.
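As an added example of the log audit recommended above, not code from Milvus or the original article, the following Go program scans constructed JSON access-log lines for the forged header. The log format, field names, client addresses and the internal CIDR are assumptions; the decode-and-compare test mirrors the vulnerable check so that the detector flags exactly the values that would have passed it, and it also flags other sourceId values, which indicate probing.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net"
	"strings"
)

// memberCredID is the constant named in the advisory. The JSON log format,
// field names and addresses below are constructed for this example.
const memberCredID = "@@milvus-member@@"

// accessRecord is one assumed JSON access-log line from the Proxy.
type accessRecord struct {
	ClientIP string            `json:"client_ip"`
	Headers  map[string]string `json:"headers"`
}

// Alert describes one suspicious request found in the log.
type Alert struct {
	Line     int
	ClientIP string
	Reason   string
}

// decodesToMemberID applies the same test the vulnerable interceptor used, so
// the detector flags exactly the values that would have passed it.
func decodesToMemberID(v string) bool {
	decoded, err := base64.StdEncoding.DecodeString(v)
	return err == nil && string(decoded) == memberCredID
}

// sourceIDHeader finds the header whatever casing the logger preserved.
func sourceIDHeader(h map[string]string) (string, bool) {
	for k, v := range h {
		if strings.EqualFold(k, "sourceid") {
			return v, true
		}
	}
	return "", false
}

// isInternal reports whether ip falls inside one of the CIDRs assigned to
// Milvus' own components; unparsable input counts as external.
func isInternal(ip string, cidrs []string) bool {
	addr := net.ParseIP(ip)
	if addr == nil {
		return false
	}
	for _, c := range cidrs {
		if _, n, err := net.ParseCIDR(c); err == nil && n.Contains(addr) {
			return true
		}
	}
	return false
}

// ScanAccessLog flags every request whose sourceId would have passed the
// vulnerable check but came from outside the internal ranges, and every
// sourceId that is not the member constant (probing). Unparsable lines skip.
func ScanAccessLog(lines []string, internalCIDRs []string) []Alert {
	var alerts []Alert
	for i, line := range lines {
		var rec accessRecord
		if err := json.Unmarshal([]byte(line), &rec); err != nil {
			continue
		}
		v, ok := sourceIDHeader(rec.Headers)
		if !ok {
			continue
		}
		member := decodesToMemberID(v)
		switch {
		case member && !isInternal(rec.ClientIP, internalCIDRs):
			alerts = append(alerts, Alert{i + 1, rec.ClientIP, "forged internal sourceId from external client"})
		case !member:
			alerts = append(alerts, Alert{i + 1, rec.ClientIP, "sourceId header with non-member value (probing)"})
		}
	}
	return alerts
}

// SampleLog is constructed: line 2 is a genuine internal caller, line 3 the
// forged header from an external address, line 4 a probe with another value.
var SampleLog = []string{
	`{"time":"2025-11-10T09:12:01Z","client_ip":"198.51.100.4","method":"ListDatabases","headers":{}}`,
	`{"time":"2025-11-10T09:12:02Z","client_ip":"10.0.1.15","method":"CheckHealth","headers":{"sourceid":"QEBtaWx2dXMtbWVtYmVyQEA="}}`,
	`{"time":"2025-11-10T09:12:03Z","client_ip":"203.0.113.7","method":"ListDatabases","headers":{"sourceId":"QEBtaWx2dXMtbWVtYmVyQEA="}}`,
	`{"time":"2025-11-10T09:12:04Z","client_ip":"203.0.113.7","method":"GetVersion","headers":{"sourceid":"bm90LWEtbWVtYmVy"}}`,
}

func main() {
	for _, a := range ScanAccessLog(SampleLog, []string{"10.0.0.0/8"}) {
		fmt.Printf("line %d from %s: %s\n", a.Line, a.ClientIP, a.Reason)
	}
}
```

The internal-CIDR allowlist matters: after patching, the header carries no privilege, but during the exposure window a sourceId that decodes to the constant is only expected from Milvus' own components, so any other source address is the signal worth paging on.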
The post Milvus Proxy Vulnerability Lets Attackers Forge Headers and Bypass Authorization Checks appeared first on Cyber Security News.
