Milvus, a leading open-source vector database that powers AI and large-scale search applications, has disclosed a critical authentication bypass vulnerability in its Proxy component. Tracked as CVE-2025-64513 and rated CVSS 9.3, the flaw allows unauthenticated attackers to gain administrative access and fully control affected Milvus deployments.
“An unauthenticated attacker can exploit this vulnerability to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the Milvus cluster,” the Milvus team warned in its advisory.
The vulnerability impacts organizations that use Milvus to manage and query high-dimensional vector data — a key function in AI model retrieval, recommendation systems, and semantic search.
The Milvus Proxy acts as a gateway between clients and the Milvus cluster, handling authentication and routing requests to backend nodes. The vulnerability arises from improper authentication logic, allowing malicious actors to completely bypass login controls by manipulating a specific request header.
Once exploited, attackers can:
- Read, modify, or delete stored vectors and metadata.
- Perform privileged administrative operations, including creating or deleting databases and collections.
- Potentially compromise the integrity of AI-driven applications that depend on Milvus for model inference or retrieval.
“This grants the attacker the ability to read, modify, or delete data, and to perform privileged administrative operations such as database or collection management,” the advisory explained.
Given that Milvus clusters are often deployed in cloud or AI service environments, such access could lead to data poisoning, model manipulation, or complete service disruption.
The Milvus team confirmed that the issue has been fully patched and released updates across several supported versions:
| Version Branch | Fixed Release |
|---|---|
| 2.4.x | 2.4.24 |
| 2.5.x | 2.5.21 |
| 2.6.x | 2.6.5 |
For users who cannot immediately deploy an upgrade, the Milvus security team has provided a temporary mitigation. The workaround involves filtering or sanitizing the sourceID header in all inbound traffic before it reaches the Milvus Proxy.
“If immediate upgrade is not possible, a temporary mitigation can be applied by removing the sourceID header from all incoming requests at the gateway, API gateway, or load balancer level before they reach the Milvus Proxy,” the advisory recommended.
This measure blocks the authentication bypass vector, effectively neutralizing the exploit path until a permanent upgrade can be applied.
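As an illustration of the gateway-level workaround quoted above, here is an added example (not code from the Milvus project or its advisory) of an edge filter that strips every `sourceID` header from an inbound HTTP/1.1 request before it is forwarded to the Milvus Proxy. The header name is the one the advisory names; the raw-request format, the function names and the sample requests are constructed for this example. Two practical details it handles: the match is case-insensitive, because HTTP header names are case-insensitive and HTTP/2 (which gRPC rides on) lowercases them, and every occurrence is removed and counted so the gateway can log or alert on requests that tried to carry the header.

```python
"""Strip the Milvus Proxy ``sourceID`` header from inbound HTTP/1.1 requests.

Added, illustrative code modelled on the advisory's workaround: a minimal
edge filter that a gateway or load balancer could apply before forwarding to
the Milvus Proxy. Only the header name comes from the advisory; the request
parsing and sample requests below are constructed for this example.
"""
from __future__ import annotations

# Header the advisory tells operators to drop at the gateway / load balancer.
# Compared in lower case: HTTP/1.1 header names are case-insensitive and
# HTTP/2 lowercases them, so "sourceID", "SourceId" and "sourceid" are one key.
BLOCKED_HEADER = "sourceid"


def parse_request(raw: bytes) -> tuple[str, list[tuple[str, str]], bytes]:
    """Split a raw HTTP/1.1 request into (request line, header pairs, body)."""
    head, _sep, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    request_line, header_lines = lines[0], lines[1:]
    headers: list[tuple[str, str]] = []
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return request_line, headers, body


def sanitize_request(raw: bytes) -> tuple[bytes, int]:
    """Return the request with every sourceID header removed, plus the count removed.

    Every occurrence is dropped (a request may carry the header more than
    once), and the count is returned so the caller can log or alert on
    requests that attempted to present the header.
    """
    request_line, headers, body = parse_request(raw)
    kept = [(n, v) for n, v in headers if n.lower() != BLOCKED_HEADER]
    removed = len(headers) - len(kept)
    head = "\r\n".join([request_line] + [f"{n}: {v}" for n, v in kept])
    return head.encode("latin-1") + b"\r\n\r\n" + body, removed


if __name__ == "__main__":
    # Constructed sample: a request carrying the header twice with mixed case.
    sample = (
        b"POST /constructed/path HTTP/1.1\r\n"
        b"Host: milvus.example\r\n"
        b"sourceID: 1\r\n"
        b"SOURCEID: 2\r\n"
        b"Authorization: Bearer t\r\n"
        b"\r\n"
        b"{}"
    )
    cleaned, count = sanitize_request(sample)
    print(f"removed {count} sourceID header(s)")
    print(cleaned.decode("latin-1"))
```

In a real deployment this logic belongs in the gateway's own header-removal rule rather than a hand-written parser; the point of the example is the two checks a rule must satisfy (case-insensitive match, all occurrences removed) and the idea of counting stripped headers as a detection signal while the upgrade to a fixed release is scheduled.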