{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T16:53:34.017","vulnerabilities":[{"cve":{"id":"CVE-2025-1474","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:54.037","lastModified":"2025-03-27T15:36:42.540","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user account management. The issue is fixed in version 2.19.0."},{"lang":"es","value":"En la versión 2.18 de mlflow/mlflow, un administrador puede crear una nueva cuenta de usuario sin establecer una contraseña. Esta vulnerabilidad podría generar riesgos de seguridad, ya que las cuentas sin contraseña podrían ser vulnerables a accesos no autorizados. Además, este problema infringe las prácticas recomendadas para la administración segura de cuentas de usuario. El problema se solucionó en la versión 2.19.0."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":4.2}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N","baseScore":3.8,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":2.5}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-521"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*","versionEndExcluding":"2.19.0","matchCriteriaId":"424AC5C6-1433-408C-B56C-5F9DA30FB856"}]}]}],"references":[{"url":"https://github.com/mlflow/mlflow/commit/149c9e18aa219bc47e86b432e130e467a36f4a17","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/e79f7774-10fe-46b2-b522-e73b748e3b2d","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}