RCE in Ray-project Ray

CVE-2025-62593

Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guar…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.000 (2.0th percentile) — read the EPSS interpretation.

Affected products

Ray-project Ray — versions < 2.52.0

Weakness classification (CWE)

References

https://github.com/ray-project/ray/security/advisories/GHSA-q279-jhrf-cc6v (x_refsource_CONFIRM)
https://github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09 (x_refsource_MISC)