Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
CriticalPublic exploit

Remote Code Execution in Ray via DNS Rebinding and User-Agent Guard Bypass

IdentifiersCVE-2025-62593CWE-94· Improper Control of Generation of…

CVE-2025-62593 is a critical remote code execution vulnerability in Ray, an AI compute engine, affecting versions prior to 2.52.0. The issue impacts developers running Ray as a development tool. Ray attempted to defend critical endpoints from browser-originated access by checking whether the User-Agent header started with the string "Mozilla" and returning an HTTP 405 response in that case. This protection is insufficient because, per the provided advisory context, the Fetch specification allows the User-Agent header to be modified in the relevant attack scenario. An attacker can combine this weakness with a DNS rebinding attack delivered through Firefox or Safari so that a victim developer’s browser, after visiting a malicious website or loading a malicious advertisement, can send requests to the locally reachable Ray service while bypassing the intended browser-based access restriction. Successful exploitation can result in remote code execution against the Ray instance.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows an unauthenticated remote attacker to achieve remote code execution on a developer system running a vulnerable Ray instance. Because the attack is delivered through the victim’s browser, it can be triggered by normal web browsing to a malicious site or malvertising content. The impact is potentially full compromise of the Ray process and associated development environment, including execution of arbitrary commands, access to data handled by Ray, and follow-on actions depending on the privileges of the Ray service and host configuration. The provided context rates the issue CVSS v4.0 9.4 (Critical).

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce exposure of Ray’s local or network-accessible interfaces to browser-originated traffic. Avoid browsing untrusted sites or allowing malvertising exposure from systems actively running vulnerable Ray instances, especially in Firefox and Safari as noted in the advisory context. Restrict access to Ray endpoints to trusted local clients only, use host-based firewalling or network controls to prevent unintended access, and isolate development workloads from routine web browsing where feasible. These are temporary risk-reduction measures and do not replace upgrading to 2.52.0 or later.

Remediation

Patch, then assume compromise.

Upgrade Ray to version 2.52.0 or later, which contains the patch for this issue. The provided references identify the fix in the Ray project and the associated GitHub Security Advisory (GHSA-q279-jhrf-cc6v). If Ray is deployed in development environments, ensure all local and shared developer instances are updated and verify that any exposed or locally bound Ray services are running the patched release.
PUBLIC EXPLOITS

Exploits

No valid public exploits. Mallory filtered out 3 candidates as fakes, detection scripts, or README-only repos.

VALID 0 / 3 TOTALView more in app

All candidate exploits were filtered out by Mallory's validation.

ACTIVITY FEED

Recent activity

7 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

7 SOURCESView more in app
the hacker newsNews
Mar 12, 2026
ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More

A recently disclosed vulnerability referenced as being incorporated quickly (with PoC) into the RondoDox DDoS botnet’s exploit set; the specific affected product/impact is not described in the provided content.

Read more
bitsight blogNews
Mar 11, 2026
RondoDox Botnet: From Zero to 174 Exploited Vulnerabilities | Bitsight

A vulnerability for which public PoC material appears to have been available before CVE publication, and which RondoDox attempted to exploit even before the CVE was published; however, the observed exploit implementation was likely ineffective due to a User-Agent mistake.

Read more
security online infoNews
Nov 27, 2025
Critical Ray AI Flaw Exposes Devs via Safari & Firefox (CVE-2025-62593)

Unknown

Read more
cvefeed high severityNews
Nov 26, 2025
CVE-2025-62593 - Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack

A critical remote code execution (RCE) vulnerability in Ray (prior to 2.52.0) exploitable via browser-based attacks (Safari/Firefox) using DNS rebinding and User-Agent header manipulation, potentially triggered when a developer visits a malicious site or malvertising.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware3

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2025-62593
NVD
nvd.nist.gov/vuln/detail/CVE-2025-62593
MITRE CWE · CWE-94
Improper Control of Generation of Code ('Code…
github.com
github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09
github.com
github.com/ray-project/ray/security/advisories/GHSA-q279-jhrf-cc6v