CVE-2025-45424

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-45424
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-45424.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-45424
Published
2025-07-02T17:15:53.307Z
Modified
2026-03-13T11:36:30.342369Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication.

References

Affected packages

Git / github.com/xorbitsai/inference

Affected ranges

Type
GIT
Repo
https://github.com/xorbitsai/inference
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
ac88d425e3d5fc12166e22c4032286327871f5f2
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.4.0"
        }
    ]
}

Affected versions

v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.10.0
v0.10.1
v0.10.2
v0.10.2.post1
v0.10.3
v0.11.0
v0.11.1
v0.11.2
v0.11.2.post1
v0.11.3
v0.12.0
v0.12.1
v0.12.2
v0.12.2.post1
v0.12.3
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0.post1
v0.14.1
v0.14.1.post1
v0.14.2
v0.14.3
v0.14.4
v0.14.4.post1
v0.15.0
v0.15.1
v0.15.2
v0.15.3
v0.15.4
v0.16.0
v0.16.1
v0.16.2
v0.16.3
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.3.1
v0.7.4
v0.7.4.1
v0.7.5
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.3.1
v0.8.4
v0.8.5
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v1.*
v1.0.0
v1.0.1
v1.1.0
v1.1.1
v1.2.0
v1.2.1
v1.2.2
v1.3.0.post1
v1.3.0.post2
v1.3.1
v1.3.1.post1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-45424.json"