CVE-2025-64513: Milvus Proxy has a Critical Authentication Bypass Vulnerability
What kind of vulnerability is it? Who is impacted? An unauthenticated attacker can exploit this vulnerability to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the Milvus cluster. This grants the attacker the ability to read, modify, or delete data, and to perform privileged administrative operations such as database or collection management. All users running affected Milvus versions are strongly advised to upgrade immediately.
References
- github.com/advisories/GHSA-mhjq-8c7m-3f7p
- github.com/milvus-io/milvus
- github.com/milvus-io/milvus/commit/6102f001a971c8c8055a4a4cae704442d5cab793
- github.com/milvus-io/milvus/pull/45379
- github.com/milvus-io/milvus/pull/45383
- github.com/milvus-io/milvus/pull/45391
- github.com/milvus-io/milvus/security/advisories/GHSA-mhjq-8c7m-3f7p
- nvd.nist.gov/vuln/detail/CVE-2025-64513
Code Behaviors & Features
Detect and mitigate CVE-2025-64513 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →