CVE-2024-25723

HIGH NUCLEI

ZenML ZenML Server - Improper Authentication

Title source: nuclei

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-25723. PoCs published by david-botelho-mariano. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a working PoC for CVE-2024-25723, an authentication bypass vulnerability in ZenML. The exploit allows an attacker to reset the password of any user account by leveraging an insecure API endpoint.

Description

ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched versions: 0.44.4, 0.43.1, and 0.42.2.

Exploits (1)

nomisec WORKING POC 4 stars

by david-botelho-mariano · poc

https://github.com/david-botelho-mariano/exploit-CVE-2024-25723

View Code ZIP pw:eip

This repository contains a working PoC for CVE-2024-25723, an authentication bypass vulnerability in ZenML. The exploit allows an attacker to reset the password of any user account by leveraging an insecure API endpoint.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: ZenML versions below 0.46.7 (excluding patched versions 0.44.4, 0.43.1, 0.42.2)

No auth needed

Prerequisites: Network access to the ZenML server · Knowledge of at least one valid username (or a list of common usernames for brute-forcing)

MITRE ATT&CK

T1110.001 - Password Guessing T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

ZenML ZenML Server - Improper Authentication

CRITICALVERIFIEDby David Botelho Mariano

Shodan: http.favicon.hash:-2028554187

FOFA: body="ZenML"

References (5)

Core 5

Core References

Product

https://github.com/zenml-io/zenml

Product

https://github.com/zenml-io/zenml/compare/0.42.1...0.42.2

Product

https://github.com/zenml-io/zenml/compare/0.43.0...0.43.1

Product

https://github.com/zenml-io/zenml/compare/0.44.3...0.44.4

Vendor Advisory

https://www.zenml.io/blog/critical-security-update-for-zenml-users

Scores

CVSS v3 8.8

EPSS 0.8964

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-284

Status published

Products (3)

pypi/zenml 0 - 0.42.2PyPI

zenml/zenml 0.43.0

zenml/zenml < 0.42.2

Published Feb 27, 2024

Tracked Since Feb 18, 2026