What is CVE-2024-25723?

CVE-2024-25723 is a vulnerability in N/a. Published 2024-02-27.

Is CVE-2024-25723 known to be exploited?

26 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2024-25723

ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with…

EPSS: 0.896 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

david-botelho-mariano/exploit-CVE-2024-25723
12442RF/POC
20142995/nuclei-templates
AboSteam/POPC
DMW11525708/wiki
Lern0n/Lernon-POC
Linxloop/fork_
Warren-Jace/poc-doc
WhosGa/MyWiki
Yuan08o/pocs

References

github.com/zenml-io/zenml
www.zenml.io/blog/critical-security-update-for-zenml-users
github.com/zenml-io/zenml/compare/0.44.3...0.44.4
github.com/zenml-io/zenml/compare/0.43.0...0.43.1
github.com/zenml-io/zenml/compare/0.42.1...0.42.2

Frequently asked questions

What is CVE-2024-25723?: CVE-2024-25723 is a vulnerability in N/a. Published 2024-02-27.
Is CVE-2024-25723 known to be exploited?: 26 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.