CWE-410
Insufficient Resource Pool
The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.
CVE-2025-0453 (GCVE-0-2025-0453)
Vulnerability from cvelistv5
Published: 2025-03-20 10:11
Modified: 2025-10-15 12:50
CWE
- CWE-410 - Insufficient Resource Pool
Summary
In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial-of-service attack. An attacker can submit large batches of queries that repeatedly request all runs from a given experiment, tying up all the workers allocated by MLflow and leaving the application unable to respond to other requests. The root cause is uncontrolled resource consumption.
References
Impacted products

Vendor | Product | Version
---|---|---
mlflow | mlflow/mlflow | unspecified <
```json
{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0453",
                "options": [
                  { "Exploitation": "poc" },
                  { "Automatable": "no" },
                  { "Technical Impact": "partial" }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-20T15:51:13.787242Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T15:51:25.860Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [ "exploit" ],
            "url": "https://huntr.com/bounties/788327ec-714a-4d5c-83aa-8df04dd7612b"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mlflow/mlflow",
          "vendor": "mlflow",
          "versions": [
            {
              "lessThanOrEqual": "latest",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to respond to other requests. This vulnerability is due to uncontrolled resource consumption."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-410",
              "description": "CWE-410 Insufficient Resource Pool",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-15T12:50:04.768Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        { "url": "https://huntr.com/bounties/788327ec-714a-4d5c-83aa-8df04dd7612b" }
      ],
      "source": {
        "advisory": "788327ec-714a-4d5c-83aa-8df04dd7612b",
        "discovery": "EXTERNAL"
      },
      "title": "Denial of Service through Batched Queries in GraphQL in mlflow/mlflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2025-0453",
    "datePublished": "2025-03-20T10:11:02.779Z",
    "dateReserved": "2025-01-13T23:25:07.844Z",
    "dateUpdated": "2025-10-15T12:50:04.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}
```
Mitigations
- Architecture and Design: Do not perform resource-intensive transactions for unauthenticated users and/or invalid requests.
- Architecture and Design: Consider implementing a velocity check mechanism that detects abusive behavior.
- Operation: Consider load balancing as an option to handle heavy loads.
- Implementation: Make sure that resource handles are properly closed when no longer needed.
- Architecture and Design: Identify the system's resource-intensive operations and consider protecting them from abuse (e.g. a malicious automated script that exhausts the resources).
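A defensive check in the spirit of the velocity-check and resource-protection mitigations above, added here as an example and not MLflow's own code: a WSGI middleware that counts the operations in a batched GraphQL POST and refuses oversized batches (and oversized bodies) before a worker is tied up. The path `/graphql`, the cap of 5 operations, the 64 KiB body limit and the `call` driver are assumptions.

```python
import io
import json

# Assumed policy values (not MLflow's): cap on operations per /graphql request
# and on how much body the middleware will buffer in order to inspect it.
GRAPHQL_PATH = "/graphql"
MAX_BATCH_OPERATIONS = 5
MAX_BODY_BYTES = 64 * 1024

def count_operations(body: bytes) -> int:
    """Count GraphQL operations: one {"query": ...} object, a list of them (batch), or 0 if neither."""
    try:
        payload = json.loads(body)
    except ValueError:
        return 0  # not JSON: let the application produce its own error response
    if isinstance(payload, dict):
        return 1 if "query" in payload else 0
    if isinstance(payload, list):
        return sum(1 for op in payload if isinstance(op, dict) and "query" in op)
    return 0

class GraphQLBatchLimit:
    """WSGI middleware: refuse oversized /graphql batches before they reach a worker."""
    def __init__(self, app, path=GRAPHQL_PATH, max_ops=MAX_BATCH_OPERATIONS):
        self.app, self.path, self.max_ops = app, path, max_ops

    def __call__(self, environ, start_response):
        if environ.get("PATH_INFO") == self.path and environ.get("REQUEST_METHOD") == "POST":
            length = int(environ.get("CONTENT_LENGTH") or 0)
            if length > MAX_BODY_BYTES:  # never buffer an arbitrarily large body
                start_response("413 Payload Too Large", [("Content-Type", "application/json")])
                return [b'{"errors":[{"message":"request body too large"}]}']
            body = environ["wsgi.input"].read(length)
            if count_operations(body) > self.max_ops:
                start_response("429 Too Many Requests", [("Content-Type", "application/json")])
                return [b'{"errors":[{"message":"GraphQL batch exceeds the allowed size"}]}']
            environ["wsgi.input"] = io.BytesIO(body)  # hand the consumed body back to the app
        return self.app(environ, start_response)

def call(app, path, method, body=b""):
    """Minimal WSGI driver (constructed for testing): returns (status, body) for one request."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["status"] = status
    environ = {"PATH_INFO": path, "REQUEST_METHOD": method,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    out = b"".join(app(environ, start_response))
    return captured["status"], out
```

The cap alone does not stop an attacker who sends many small batches, so a per-client rate limit on `/graphql` belongs on top of it.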
No CAPEC attack patterns related to this CWE.