CVE-2025-15453

Name of the Vulnerable Software and Affected Versions milvus versions up to 2.6.7

Description A security issue has been identified in milvus. The expr.Exec function within the pkg/util/expr/expr.go file, associated with the HTTP Endpoint component, is susceptible to deserialization due to manipulation of the code argument. Remote exploitation is possible, and the exploit has been publicly disclosed.

Recommendations milvus versions prior to 2.6.8 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.