CVE-2025-62593

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-62593
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62593.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-62593
Aliases
Published
2025-11-26T22:28:28.577Z
Modified
2025-11-28T19:52:51.866896Z
Severity
  • 9.4 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack
Details

Ray is an AI compute engine. Prior to version 2.52.0, developers using Ray as a development tool are exposed to a critical RCE vulnerability that is exploitable through Firefox and Safari. The vulnerability stems from an insufficient guard against browser-based attacks: the current defense relies on checking whether the User-Agent header starts with the string "Mozilla". This is insufficient because the fetch specification allows the User-Agent header to be modified. Combined with a DNS rebinding attack against the browser, the vulnerability is exploitable against a developer running Ray who inadvertently visits a malicious website or is served a malicious advertisement (malvertising). This issue has been patched in version 2.52.0.

Database specific
{
    "cwe_ids": [
        "CWE-352",
        "CWE-94"
    ]
}
References

Affected packages

Git / github.com/ray-project/ray

Affected ranges

Type
GIT
Repo
https://github.com/ray-project/ray
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

ray-0.*

ray-0.1.0
ray-0.1.1
ray-0.1.2
ray-0.2.0
ray-0.2.1
ray-0.2.2
ray-0.3.0
ray-0.3.1
ray-0.4.0
ray-0.5.0
ray-0.5.1
ray-0.5.2
ray-0.5.3
ray-0.6.0
ray-0.6.1
ray-0.6.2
ray-0.6.3
ray-0.6.4
ray-0.6.5
ray-0.7.0

Database specific

vanir_signatures

[
    {
        "id": "CVE-2025-62593-282ebc92",
        "target": {
            "file": "src/ray/common/grpc_util.h",
            "function": "GrpcStatusToRayStatusMessage"
        },
        "digest": {
            "length": 181.0,
            "function_hash": "56065427489371892619525388060605617577"
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/ray-project/ray/commit/9527a555280fb9837ce73dabf01559c20656a456",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-62593-2adaa485",
        "target": {
            "file": "src/ray/rpc/tests/authentication_token_loader_test.cc"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "156321649133330348836255023392667957861",
                "187686088441040911899717510302785079379",
                "89813876109230308253544443877010497747",
                "99632896009449546360696432965733781380"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/ray-project/ray/commit/9527a555280fb9837ce73dabf01559c20656a456",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-62593-8f3b0cdd",
        "target": {
            "file": "src/ray/rpc/authentication/authentication_token_loader.cc",
            "function": "AuthenticationTokenLoader::GetToken"
        },
        "digest": {
            "length": 673.0,
            "function_hash": "75823841783107231163521423519702219723"
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/ray-project/ray/commit/9527a555280fb9837ce73dabf01559c20656a456",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-62593-a4873797",
        "target": {
            "file": "src/ray/rpc/authentication/authentication_token_loader.cc",
            "function": "AuthenticationTokenLoader::LoadTokenFromSources"
        },
        "digest": {
            "length": 1490.0,
            "function_hash": "147826084863257049590841695557134866091"
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/ray-project/ray/commit/9527a555280fb9837ce73dabf01559c20656a456",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-62593-b5427864",
        "target": {
            "file": "src/ray/rpc/tests/authentication_token_loader_test.cc",
            "function": "TEST_F"
        },
        "digest": {
            "length": 241.0,
            "function_hash": "185143459698944864454699673287079946684"
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/ray-project/ray/commit/9527a555280fb9837ce73dabf01559c20656a456",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-62593-b78ea8aa",
        "target": {
            "file": "src/ray/rpc/authentication/authentication_token_loader.cc"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/ray-project/ray/commit/9527a555280fb9837ce73dabf01559c20656a456",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-62593-c7a69754",
        "target": {
            "file": "src/ray/common/grpc_util.h"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/ray-project/ray/commit/9527a555280fb9837ce73dabf01559c20656a456",
        "signature_version": "v1"
    }
]