aikido.dev Secure My Code

Intel/AIKIDO-2025-10712

AIKIDO-2025-10712

ray is vulnerable to Improper Access Control

Improper Access Control Pre-CVE Published Oct 14, 2025

40

Medium Risk

This Affects:

PYTHON

1.0.0 - 2.49.2

Fixed in 2.50.0

Are you affected? Scan for Free

TL;DR

Affected versions of this package bind internal services and management endpoints to 0.0.0.0, possibly exposing Ray’s internal servers, dashboard agent HTTP/GRPC endpoints, and runtime environment agent to remote networks and increasing the risk of unauthorized access or information disclosure. The recent changes restrict bindings to the node IP (and localhost for the dashboard agent HTTP server), preventing remote attackers from reaching those interfaces by default and reducing the attack surface.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

ray is vulnerable to Improper Access Control in versions 1.0.0 - 2.49.2.

How to fix this

Upgrade the ray library to the patch version.

40

Medium Risk

This Affects:

PYTHON

1.0.0 - 2.49.2

Fixed in 2.50.0

Are you affected? Scan for Free

Links

github.com/ray-project/ray/releases/tag/ray-2.50.0

Are You Affected?

Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.

Free. No credit card required.

Aikido Platform

Company

Resources

Industries

Use Cases

Compare

Legal

Connect

hello@aikido.dev

Security

Subscribe

Stay up to date with all updates

LinkedIn YouTube X

© 2026 Aikido Security BV | BE0792914919

Keizer Karelstraat 15, 9000, Ghent, Belgium

95 Third St, 2nd Fl, San Francisco, CA 94103, US

Unit 6.15 Runway East 18 18 Crucifix Ln, London SE1 3JW UK

Ghent, Belgium | San Francisco, US

SOC 2

ISO 27001

ISO 27001Compliant

Get Security Done