{ "threat_severity" : "Important", "public_date" : "2025-11-26T22:28:28Z", "bugzilla" : { "description" : "ray: Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack", "id" : "2417394", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2417394" }, "cvss3" : { "cvss3_base_score" : "8.8", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-94", "details" : [ "Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the User-Agent header starting with the string \"Mozilla\" as a defense mechanism. This defense is insufficient as the fetch specification allows the User-Agent header to be modified. Combined with a DNS rebinding attack against the browser, and this vulnerability is exploitable against a developer running Ray who inadvertently visits a malicious website, or is served a malicious advertisement (malvertising). This issue has been patched in version 2.52.0.", "A flaw was found in Ray’s HTTP API endpoint handling (e.g. /api/jobs, /api/job_agent/jobs/), which allows a remote attacker to trigger arbitrary code execution when a developer using Ray visits a malicious website in a vulnerable browser (e.g. Firefox or Safari). The root cause is an insufficient defense relying solely on the User-Agent header starting with “Mozilla”, which can be manipulated under the fetch specification — enabling a DNS-rebinding attack to bypass browser-based protections." ], "statement" : "Red Hat has chosen to keep this as Important instead of Critical severity because the successful exploitation of this vulnerability requires user interaction in conjunction with a DNS rebinding attack.", "affected_release" : [ { "product_name" : "Red Hat AI Inference Server 3.2", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23078", "cpe" : "cpe:/a:redhat:ai_inference_server:3.2::el9", "package" : "rhaiis/vllm-cuda-rhel9:3.2.2-1765379088" }, { "product_name" : "Red Hat AI Inference Server 3.2", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23079", "cpe" : "cpe:/a:redhat:ai_inference_server:3.2::el9", "package" : "rhaiis/vllm-rocm-rhel9:3.2.2-1765379049" }, { "product_name" : "Red Hat AI Inference Server 3.2", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23080", "cpe" : "cpe:/a:redhat:ai_inference_server:3.2::el9", "package" : "rhaiis/model-opt-cuda-rhel9:3.2.2-1764871796" }, { "product_name" : "Red Hat AI Inference Server 3.2", "release_date" : "2025-12-15T00:00:00Z", "advisory" : "RHSA-2025:23204", "cpe" : "cpe:/a:redhat:ai_inference_server:3.2::el9", "package" : "rhaiis/vllm-cuda-rhel9:3.2.5-1765552580" }, { "product_name" : "Red Hat AI Inference Server 3.2", "release_date" : "2026-02-27T00:00:00Z", "advisory" : "RHSA-2026:3461", "cpe" : "cpe:/a:redhat:ai_inference_server:3.2::el9", "package" : "rhaiis/vllm-cuda-rhel9:1772160593" }, { "product_name" : "Red Hat AI Inference Server 3.2", "release_date" : "2026-02-27T00:00:00Z", "advisory" : "RHSA-2026:3462", "cpe" : "cpe:/a:redhat:ai_inference_server:3.2::el9", "package" : "rhaiis/vllm-rocm-rhel9:1772160625" }, { "product_name" : "Red Hat OpenShift AI 2.25", "release_date" : "2025-12-17T00:00:00Z", "advisory" : "RHSA-2025:23531", "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9", "package" : "rhoai/odh-kserve-agent-rhel9:v2.25.1-1765613316" }, { "product_name" : "Red Hat OpenShift AI 2.25", "release_date" : "2025-12-17T00:00:00Z", "advisory" : "RHSA-2025:23531", "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9", "package" : "rhoai/odh-kserve-controller-rhel9:v2.25.1-1765613316" }, { "product_name" : "Red Hat OpenShift AI 2.25", "release_date" : "2025-12-17T00:00:00Z", "advisory" : "RHSA-2025:23531", "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9", "package" : "rhoai/odh-kserve-router-rhel9:v2.25.1-1765613316" }, { "product_name" : "Red Hat OpenShift AI 2.25", "release_date" : "2025-12-17T00:00:00Z", "advisory" : "RHSA-2025:23531", "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9", "package" : "rhoai/odh-kserve-storage-initializer-rhel9:v2.25.1-1765326513" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-vllm-gaudi-rhel9:1770956034" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Will not fix", "package_name" : "rhelai3/bootc-aws-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Will not fix", "package_name" : "rhelai3/bootc-azure-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Will not fix", "package_name" : "rhelai3/bootc-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Will not fix", "package_name" : "rhelai3/bootc-gcp-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-model-registry-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-vllm-cuda-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-workbench-jupyter-trustyai-cpu-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-62593\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-62593\nhttps://github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09\nhttps://github.com/ray-project/ray/security/advisories/GHSA-q279-jhrf-cc6v" ], "name" : "CVE-2025-62593", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }