
Cloud Vulnerability DB
A community-led vulnerabilities database
A critical authentication bypass vulnerability (CVE-2025-64513) was discovered in Milvus, an open-source vector database built for generative AI applications. The vulnerability, disclosed on November 10, 2025, affects the Milvus Proxy component in versions prior to 2.4.24, 2.5.21, and 2.6.5. The flaw has received a CVSS score of 9.3, indicating critical severity (Security Online, GitHub Advisory).
The vulnerability exists in the AuthenticationInterceptor function within internal/proxy/authentication_interceptor.go. The root cause is misplaced trust in the sourceID header: the validSourceID function improperly validated this header value and treated a request carrying it as trusted. This implementation flaw allowed the authentication check to be bypassed entirely (Miggo).
The vulnerability allows an unauthenticated attacker to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the Milvus cluster. This access enables attackers to read, modify, or delete data, and perform privileged administrative operations such as database or collection management. The impact is particularly significant for organizations using Milvus to manage and query high-dimensional vector data in AI model retrieval, recommendation systems, and semantic search applications (GitHub Advisory, Security Online).
The vulnerability has been patched in Milvus versions 2.4.24, 2.5.21, and 2.6.5. Users are strongly advised to upgrade to these patched versions immediately. For organizations unable to upgrade immediately, a temporary mitigation is available by removing the sourceID header from all incoming requests at the gateway, API gateway, or load balancer level before they reach the Milvus Proxy (GitHub Advisory).
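As an added illustration of the gateway-level mitigation above (this is not Milvus project code and not code from the advisory), the following Go reverse proxy strips every sourceID header, in any casing, before forwarding a request upstream, and logs each occurrence so that external clients presenting the header can be spotted in detection tooling. It assumes an HTTP front end in front of the Milvus Proxy; the upstream address is a placeholder.

```go
package main

import (
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
)

// headerToStrip is the header named in the advisory. Matching is done
// case-insensitively because HTTP header names are case-insensitive and
// different clients and proxies canonicalise them differently.
const headerToStrip = "sourceID"

// stripSourceID deletes every sourceID header value (any casing) from h and
// returns how many values were removed, so the caller can log or alert.
func stripSourceID(h http.Header) int {
	removed := 0
	for name := range h {
		if strings.EqualFold(name, headerToStrip) {
			removed += len(h[name])
			delete(h, name) // deleting during range is safe in Go
		}
	}
	return removed
}

// newStrippingProxy returns a reverse proxy to upstream whose Director drops
// sourceID before the request reaches the Milvus Proxy. Any request that did
// carry the header is logged: a legitimate external client has no reason to
// send it, so its presence is a useful detection signal.
func newStrippingProxy(upstream *url.URL) *httputil.ReverseProxy {
	rp := httputil.NewSingleHostReverseProxy(upstream)
	base := rp.Director
	rp.Director = func(r *http.Request) {
		base(r)
		if n := stripSourceID(r.Header); n > 0 {
			log.Printf("dropped %d sourceID header(s) on %s %s from %s",
				n, r.Method, r.URL.Path, r.RemoteAddr)
		}
	}
	return rp
}

func main() {
	// Placeholder upstream; replace with the real Milvus Proxy address.
	upstream, _ := url.Parse("http://milvus-proxy.internal:9091")
	log.Fatal(http.ListenAndServe(":8080", newStrippingProxy(upstream)))
}
```

Stripping at the gateway only helps if the Milvus Proxy is not reachable except through that gateway; upgrading to a patched version remains the actual fix.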
Source: This report was generated using AI