Cybersecurity Vulnerabilities

CVE-2025-34351: Critical Vulnerability in Anyscale Ray Exposes Clusters to Remote Code Execution

November 27, 2025 - By 

Overview

CVE-2025-34351 is a critical vulnerability affecting Anyscale Ray version 2.52.0. This vulnerability stems from an insecure default configuration where token-based authentication for Ray management interfaces, including the dashboard and Jobs API, is disabled. Without proper authentication, a remote attacker with network access can submit jobs and execute arbitrary code on the Ray cluster.

Technical Details

Anyscale Ray is a popular framework for scaling AI and Python applications. In version 2.52.0, the default configuration does not enforce token-based authentication. Unless the `RAY_AUTH_MODE` environment variable is explicitly set to `token`, the management interfaces are left exposed and unauthenticated. This lack of authentication allows unauthorized users to interact with the Ray cluster’s API, giving them the ability to submit malicious jobs that can execute arbitrary code on the underlying infrastructure.

The vulnerability exists because the system relies on the user to explicitly enable a critical security feature. Without this explicit configuration, the system defaults to an insecure state, which is not recommended from a security standpoint.

CVSS Analysis

As of the published date, a CVSS score for CVE-2025-34351 is N/A. However, given the potential for remote code execution, it is highly likely that a CVSS score would be classified as Critical (CVSS v3.x score of 9.0-10.0) when calculated. The key factors contributing to this severity include:

  • Remote Attack Vector: An attacker can exploit this vulnerability remotely, requiring only network access to the Ray cluster.
  • No User Interaction: No user interaction is required for the attacker to exploit the vulnerability.
  • High Impact: Successful exploitation can lead to complete system compromise, including arbitrary code execution and data theft.

Possible Impact

The impact of CVE-2025-34351 is significant. A successful exploit could allow an attacker to:

  • Gain complete control of the Ray cluster.
  • Execute arbitrary code on the cluster’s nodes.
  • Steal sensitive data processed by the Ray cluster.
  • Disrupt services running on the Ray cluster, leading to denial of service.
  • Compromise other systems within the same network as the Ray cluster.

Mitigation or Patch Steps

To mitigate CVE-2025-34351, it is crucial to enable token authentication for your Ray cluster. Follow these steps:

  1. Enable Token Authentication: Set the `RAY_AUTH_MODE` environment variable to `token`. This can be done when starting the Ray cluster: 
    export RAY_AUTH_MODE=token
  2. Generate a Token: Generate a secure token and configure all clients and workers to use this token for authentication. Refer to the Ray documentation for details on token generation.
  3. Consult Ray Documentation: Review the official Ray security documentation for best practices on securing your Ray cluster.
  4. Upgrade Ray (When Available): The vendor plans to enable token authentication by default in a future release. Upgrading to that version will provide a more secure default configuration.

By enabling token authentication, you ensure that only authorized users and applications can interact with the Ray cluster’s management interfaces.

References

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.

Related Posts

CVE-2025-61932 Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

CVE-2025-61932: Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

October 23, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *