VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-kd8z-ysxx-d3gd

Vulnerability ID	VCID-kd8z-ysxx-d3gd
Aliases	CVE-2025-34351 GHSA-gx77-xgc2-4888
Summary	Ray's New Token Authentication is Disabled By Default Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces (including the dashboard and Jobs API) is disabled unless explicitly enabled by setting RAY_AUTH_MODE=token. In the default unauthenticated state, a remote attacker with network access to these interfaces can submit jobs and execute arbitrary code on the Ray cluster. NOTE: The vendor plans to enable token authentication by default in a future release. They recommend enabling token authentication to protect your cluster from unauthorized access.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-1188	Initialization of a Resource with an Insecure Default
CWE-304	Missing Critical Step in Authentication
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		https://docs.ray.io/en/latest/ray-security/token-auth.html
		https://github.com/ray-project/ray
		https://github.com/ray-project/ray/releases/tag/ray-2.52.0
		https://www.cve.org/resourcessupport/allresources/cnarules#section_4-1_Vulnerability_Determination
		https://www.linkedin.com/posts/jonathan-leitschuh_the-latest-piece-of-mind-bending-research-activity-7396976425997606912-qizE
		https://www.oligo.security/blog/shadowray-2-0-attackers-turn-ai-against-itself-in-global-campaign-that-hijacks-ai-into-self-propagating-botnet
		https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild
		https://www.vulncheck.com/advisories/anyscale-ray-token-authentication-disabled-by-default-insecure-configuration
CVE-2025-34351		https://nvd.nist.gov/vuln/detail/CVE-2025-34351
GHSA-gx77-xgc2-4888		https://github.com/advisories/GHSA-gx77-xgc2-4888
GHSA-w8vc-465m-jjw6		https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-w8vc-465m-jjw6

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:48:58.286647+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ray/CVE-2025-34351.yml	38.6.0