GHSA-gx77-xgc2-4888

Source
https://github.com/advisories/GHSA-gx77-xgc2-4888
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-gx77-xgc2-4888/GHSA-gx77-xgc2-4888.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-gx77-xgc2-4888
Aliases
  • CVE-2025-34351
Published
2025-11-27T03:30:26Z
Modified
2025-12-01T21:12:55.671827Z
Severity
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Ray's New Token Authentication is Disabled By Default
Details

Anyscale Ray 2.52.0 contains an insecure default configuration: token-based authentication for the Ray management interfaces (including the dashboard and Jobs API) is disabled unless it is explicitly enabled by setting RAYAUTHMODE=token. In the default unauthenticated state, a remote attacker with network access to these interfaces can submit jobs and execute arbitrary code on the Ray cluster. NOTE: The vendor plans to enable token authentication by default in a future release and recommends enabling it now to protect clusters from unauthorized access.

Database specific
{
    "nvd_published_at": "2025-11-27T03:15:58Z",
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-01T20:51:10Z",
    "severity": "CRITICAL",
    "cwe_ids": [
        "CWE-1188",
        "CWE-304"
    ]
}
References

Affected packages

Package: PyPI / ray

Affected ranges

Type: ECOSYSTEM
Events:
  Introduced: 0 (unknown introduced version / all previous versions are affected)
  Last affected: 2.52.0

Affected versions

0.*

0.1.1
0.1.2
0.2.0
0.2.1
0.2.2
0.3.0
0.3.1
0.4.0
0.5.0
0.5.2
0.5.3
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7

1.*

1.0.0rc0
1.0.0rc1
1.0.0rc2
1.0.0
1.0.1
1.0.1.post1
1.1.0
1.2.0
1.3.0
1.4.0rc1
1.4.0rc2
1.4.0
1.4.1
1.5.0
1.5.1
1.5.2
1.6.0
1.7.0rc0
1.7.0
1.7.1
1.8.0
1.9.0rc1
1.9.0rc2
1.9.0
1.9.1rc0
1.9.1
1.9.2
1.10.0rc0
1.10.0
1.11.0rc0
1.11.0rc1
1.11.0
1.11.1
1.12.0rc1
1.12.0
1.12.1
1.13.0

2.*

2.0.0rc0
2.0.0rc1
2.0.0
2.0.1
2.1.0
2.2.0
2.3.0rc0
2.3.0
2.3.1
2.4.0
2.5.0
2.5.1
2.6.0
2.6.1
2.6.2
2.6.3
2.7.0rc0
2.7.0
2.7.1
2.7.2
2.8.0
2.8.1
2.9.0
2.9.1
2.9.2
2.9.3
2.10.0
2.11.0
2.12.0
2.20.0
2.21.0
2.22.0
2.23.0
2.24.0
2.30.0
2.31.0
2.32.0rc0
2.32.0
2.33.0
2.34.0
2.35.0
2.36.0
2.36.1
2.37.0
2.38.0
2.39.0
2.40.0
2.41.0
2.42.0
2.42.1
2.43.0
2.44.0
2.44.1
2.45.0
2.46.0
2.47.0
2.47.1
2.48.0
2.49.0
2.49.1
2.49.2
2.50.0
2.50.1
2.51.0
2.51.1
2.51.2
2.52.0