CVE-2025-15453: Deserialization in milvus
A security vulnerability has been detected in milvus up to and including version 2.6.7. It affects the function expr.Exec in the file pkg/util/expr/expr.go, part of the HTTP Endpoint component. Manipulation of the argument 'code' leads to deserialization of attacker-controlled data. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used. A fix is planned for the next release, 2.6.8.
AI Analysis
Technical Summary
CVE-2025-15453 is a security vulnerability identified in Milvus, an open-source vector database widely used for AI and machine learning applications. The flaw exists in the expr.Exec function within the pkg/util/expr/expr.go file, part of the HTTP Endpoint component. The vulnerability is caused by improper handling of the 'code' argument, which leads to unsafe deserialization of data. Deserialization vulnerabilities occur when untrusted input is deserialized without sufficient validation, potentially allowing attackers to execute arbitrary code remotely. This vulnerability requires no user interaction and no prior authentication, making it remotely exploitable over the network. The CVSS 4.0 base score is 5.3 (medium), reflecting the moderate impact on confidentiality, integrity, and availability, with low attack complexity but requiring limited privileges. The vulnerability affects all Milvus versions from 2.6.0 through 2.6.7. Although no public exploits are currently known in the wild, the vulnerability has been publicly disclosed, increasing the likelihood of exploitation attempts. A patch is planned for the upcoming 2.6.8 release, but until then, affected systems remain at risk. This vulnerability could allow attackers to execute arbitrary code on the server hosting Milvus, potentially leading to data breaches, service disruption, or lateral movement within affected networks.
Potential Impact
For European organizations, the impact of CVE-2025-15453 can be significant, especially for those relying on Milvus for AI, machine learning, or vector search workloads. Successful exploitation could lead to unauthorized code execution on critical infrastructure, resulting in data theft, corruption, or service outages. This could affect sectors such as finance, healthcare, research institutions, and technology companies that leverage Milvus for advanced data processing. The vulnerability's remote exploitability without authentication increases the risk of automated attacks and compromises. Additionally, disruption of AI services could impact business operations and innovation efforts. Given the growing adoption of AI technologies in Europe, the vulnerability poses a tangible risk to confidentiality, integrity, and availability of sensitive data and services.
Mitigation Recommendations
1. Immediate mitigation involves upgrading Milvus to version 2.6.8 or later once the patch is released.
2. Until patching is possible, restrict network access to the Milvus HTTP Endpoint using firewall rules or network segmentation to limit exposure to untrusted networks.
3. Implement strict input validation and monitoring on the 'code' argument if custom proxies or middleware are used.
4. Employ runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions to detect anomalous behavior indicative of exploitation attempts.
5. Regularly audit and monitor logs for suspicious deserialization activity or unexpected code execution patterns.
6. Conduct vulnerability scanning and penetration testing focused on deserialization vulnerabilities in Milvus deployments.
7. Educate development and operations teams about secure deserialization practices and the risks of unsafe code execution paths.
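The first recommendation depends on knowing which deployed Milvus instances fall inside the affected range the advisory gives (2.6.0 through 2.6.7, fixed in 2.6.8). The following Go program is an added example, not code from Milvus or from this advisory: it parses version strings as reported by an inventory and flags the ones in that range. The hostnames and version strings in main are constructed sample data, and the decision to treat pre-releases of 2.6.8 (such as "2.6.8-rc1") as still unpatched is an assumption made here, not something the advisory states.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Version is a major.minor.patch triple plus a flag recording whether the
// original string carried a pre-release suffix (for example "2.6.8-rc1").
type Version struct {
	Major, Minor, Patch int
	Pre                 bool
}

// ParseVersion accepts "2.6.7", "v2.6.7" and "v2.6.7-rc1" style strings.
// Build metadata after '+' is discarded; a '-' suffix marks a pre-release.
func ParseVersion(s string) (Version, error) {
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	if i := strings.Index(s, "+"); i >= 0 {
		s = s[:i]
	}
	var v Version
	if i := strings.Index(s, "-"); i >= 0 {
		v.Pre = true
		s = s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return Version{}, fmt.Errorf("expected major.minor.patch, got %q", s)
	}
	fields := [3]*int{&v.Major, &v.Minor, &v.Patch}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return Version{}, fmt.Errorf("bad component %q in %q", p, s)
		}
		*fields[i] = n
	}
	return v, nil
}

// Compare returns -1, 0 or 1. With equal triples a pre-release sorts before
// the final release, following the semantic-versioning rule.
func (v Version) Compare(o Version) int {
	a := [3]int{v.Major, v.Minor, v.Patch}
	b := [3]int{o.Major, o.Minor, o.Patch}
	for i := range a {
		if a[i] < b[i] {
			return -1
		}
		if a[i] > b[i] {
			return 1
		}
	}
	switch {
	case v.Pre && !o.Pre:
		return -1
	case !v.Pre && o.Pre:
		return 1
	}
	return 0
}

// Bounds taken from the advisory: 2.6.0 through 2.6.7 are affected and the
// fix is planned for 2.6.8.
var (
	firstAffected = Version{Major: 2, Minor: 6, Patch: 0}
	fixedIn       = Version{Major: 2, Minor: 6, Patch: 8}
)

// IsAffected reports whether a Milvus version string falls inside the advisory's
// affected range. The upper bound is checked as v < 2.6.8 rather than v <= 2.6.7
// so that pre-releases of the fixed version count as unpatched, and the lower
// bound ignores the pre-release flag so that "2.6.0-beta" also counts as affected.
// Both are conservative assumptions made in this example, not advisory statements.
func IsAffected(s string) (bool, error) {
	v, err := ParseVersion(s)
	if err != nil {
		return false, err
	}
	core := Version{Major: v.Major, Minor: v.Minor, Patch: v.Patch}
	return core.Compare(firstAffected) >= 0 && v.Compare(fixedIn) < 0, nil
}

func main() {
	// Constructed sample inventory; these are not real hosts.
	inventory := map[string]string{
		"vector-db-prod-1": "v2.6.7",
		"vector-db-prod-2": "2.6.8",
		"vector-db-dev":    "2.6.8-rc1",
		"legacy-node":      "2.5.9",
		"unknown-node":     "latest",
	}
	for host, ver := range inventory {
		affected, err := IsAffected(ver)
		switch {
		case err != nil:
			fmt.Printf("%-18s %-10s cannot evaluate: %v\n", host, ver, err)
		case affected:
			fmt.Printf("%-18s %-10s AFFECTED by CVE-2025-15453, upgrade to 2.6.8 or later\n", host, ver)
		default:
			fmt.Printf("%-18s %-10s not in affected range\n", host, ver)
		}
	}
}
```

A version string the parser cannot interpret (such as "latest") is reported as an error rather than silently marked safe, so an unresolved entry in the inventory still surfaces for manual follow-up.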
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Switzerland, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-01-04T08:52:58.262Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 695b2c97db813ff03e0dbd54
Added to database: 1/5/2026, 3:14:31 AM
Last enriched: 1/12/2026, 9:26:30 PM
Last updated: 2/7/2026, 9:37:47 AM