PT-2025-48224 · Anyscale · Anyscale Ray
Jonathan Leitschuh
·
Published
2025-11-27
·
Updated
2025-11-29
·
CVE-2025-34351
CVSS v4.0
9.3
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Anyscale Ray version 2.52.0
Description
Anyscale Ray 2.52.0 ships with a default configuration in which token-based authentication for the Ray management interfaces, including the dashboard and the Jobs API, is disabled unless it is explicitly enabled by setting the RAY_AUTH_MODE environment variable to 'token'. With authentication disabled, a remote attacker with network access to these interfaces can submit jobs and execute arbitrary code on the Ray cluster. The job submission API endpoint is the vulnerable surface.
Recommendations
Enable token authentication by setting the RAY_AUTH_MODE environment variable to 'token' to protect the cluster from unauthorized access.
Fix
RCE
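A defender-side audit of the recommendation above, written as an added example that is not part of the advisory: it inspects a Ray head node's environment and `ray start` command line and flags the insecure default. RAY_AUTH_MODE and the value 'token' come from the advisory; the `--dashboard-host` flag and the assumption that the dashboard binds to loopback when that flag is absent are assumptions about `ray start`, not statements from the page.

```python
"""Audit a Ray head launch for the insecure default in CVE-2025-34351.

Added example, not code from the advisory or the Ray project. Inputs are a
constructed environment mapping and a constructed `ray start` command line;
nothing is executed or contacted over the network.
"""
import shlex
from dataclasses import dataclass


@dataclass
class Finding:
    auth_enabled: bool      # RAY_AUTH_MODE == 'token' (per the advisory)
    dashboard_host: str     # address the dashboard/Jobs API listens on
    network_exposed: bool   # listening on a non-loopback address
    severity: str           # 'ok', 'high' or 'critical'


def _flag(argv, name, default):
    """Return the value of `--name value` or `--name=value`, else default."""
    for i, tok in enumerate(argv):
        if tok == name and i + 1 < len(argv):
            return argv[i + 1]
        if tok.startswith(name + "="):
            return tok.split("=", 1)[1]
    return default


def audit_ray_head(env, ray_start_cmd):
    """Combine the auth setting with dashboard exposure into one finding."""
    argv = shlex.split(ray_start_cmd)
    # The advisory states auth is off unless RAY_AUTH_MODE is set to 'token'.
    auth_enabled = env.get("RAY_AUTH_MODE") == "token"
    # Assumption: without --dashboard-host, ray start binds to loopback only.
    host = _flag(argv, "--dashboard-host", "127.0.0.1")
    network_exposed = host not in ("127.0.0.1", "localhost", "::1")
    if not auth_enabled and network_exposed:
        severity = "critical"   # unauthenticated Jobs API reachable remotely
    elif not auth_enabled:
        severity = "high"       # insecure default, but loopback-only
    else:
        severity = "ok"
    return Finding(auth_enabled, host, network_exposed, severity)


if __name__ == "__main__":
    # Constructed sample: a head node started for remote access with no auth.
    print(audit_ray_head({}, "ray start --head --dashboard-host=0.0.0.0"))
```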
Related Identifiers
Affected Products
Anyscale Ray