Description
Advisory GHSA-mhjq-8c7m-3f7p references a vulnerability in the following Go modules:
| Module |
|---|
| github.com/milvus-io/milvus |
Description:
Impact
What kind of vulnerability is it? Who is impacted?
An unauthenticated attacker can exploit this vulnerability to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the Milvus cluster.
This grants the attacker the ability to read, modify, or delete data, and to perform privileged administrative operations such as database or collection management.
All users running affected Milvus versions are strongly advised to upgrade immediately.
Patches
Has the problem been patched? What versions should users upgrade to?
This issue ...
References:
- ADVISORY: GHSA-mhjq-8c7m-3f7p
- ADVISORY: GHSA-mhjq-8c7m-3f7p
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-64513
- FIX: milvus-io/milvus@6102f00
- FIX: enhance: [2.6] skip check source id milvus-io/milvus#45379
- FIX: enhance: [2.5] skip check source id milvus-io/milvus#45383
- FIX: enhance: [2.4] skip check source id milvus-io/milvus#45391
No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.
```yaml
id: GO-ID-PENDING
modules:
    - module: github.com/milvus-io/milvus
      versions:
        - fixed: 0.10.3-0.20251107071934-6102f001a971
        - introduced: 0.10.4
      non_go_versions:
        - fixed: 2.4.24
        - introduced: 2.5.0
        - fixed: 2.5.21
        - introduced: 2.6.0
        - fixed: 2.6.5
      vulnerable_at: 1.1.1
summary: Milvus Proxy has a Critical Authentication Bypass Vulnerability in github.com/milvus-io/milvus
cves:
    - CVE-2025-64513
ghsas:
    - GHSA-mhjq-8c7m-3f7p
references:
    - advisory: https://github.com/advisories/GHSA-mhjq-8c7m-3f7p
    - advisory: https://github.com/milvus-io/milvus/security/advisories/GHSA-mhjq-8c7m-3f7p
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-64513
    - fix: https://github.com/milvus-io/milvus/commit/6102f001a971c8c8055a4a4cae704442d5cab793
    - fix: https://github.com/milvus-io/milvus/pull/45379
    - fix: https://github.com/milvus-io/milvus/pull/45383
    - fix: https://github.com/milvus-io/milvus/pull/45391
source:
    id: GHSA-mhjq-8c7m-3f7p
    created: 2025-11-13T16:01:12.769852558Z
review_status: UNREVIEWED
```