Mage AI, Insecure Default Initialization, Remote Vulnerability
CVE-2025-2129 exposes a critical security flaw in Mage AI’s authentication framework, enabling zero-click remote code execution (RCE) due to insecure default configurations. Despite public exploit availability and evidence of over 1,000 vulnerable instances, Mage AI has disputed the findings and declined to address the issue.
Vulnerability Overview
The vulnerability stems from insecure default authentication settings in Mage AI v0.9.75, classified under CWE-1188. By default, the software does not enforce user authentication, allowing unrestricted access to its administrative interface. Attackers can exploit this to execute arbitrary code on unsecured instances without user interaction.
Key Characteristics
Published: March 09, 2025
CVSS Scores:
- V3.1: 5.6 MEDIUM (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
- V4.0: 6.3 MEDIUM (AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L)
Exploit Complexity: High, but publicly available proof-of-concept (PoC) code lowers barriers for attackers.
Impact: Compromised confidentiality, integrity, and availability of affected systems.
Technical Analysis
The flaw allows attackers to:
- Bypass Authentication: Access Mage AI’s interface without credentials due to disabled-by-default security settings.
- Execute Remote Code: Leverage unprotected API endpoints to deploy malicious payloads. For example, an attacker could inject code to exfiltrate data or deploy ransomware.
- Zero-Click Exploitation: No user interaction required, making attacks stealthy and harder to detect.
Sample Attack Scenario:
An attacker scans public IP ranges using tools like Shodan or Censys, identifying Mage AI instances without authentication. Using the PoC, they upload a reverse shell payload, gaining full control over the server.
Exposure and Risk
Vulnerable Instances: 1,045 publicly accessible Mage AI servers were identified via OSINT tools, with 3 confirmed exploitable during testing.
Disputed Status: Mage AI dismissed the vulnerability after seven months of researcher outreach, leaving users unprotected.
Exploit Availability: Public PoC code increases likelihood of weaponization, though technical barriers remain.
Mitigation Recommendations
- Enable Authentication: Manually activate authentication in Mage AI’s settings, despite poor documentation.
- Network Segmentation: Restrict Mage AI instances to internal networks or VPN-only access.
- Monitoring: Deploy intrusion detection systems (IDS) to flag unauthorized access attempts.
Organizations using Mage AI should consider alternative platforms until the vendor addresses this issue. The refusal to acknowledge the flaw highlights significant supply-chain risks in AI/ML tooling.
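The first two mitigations as a check over your own containers, added here as an example (not code from Mage AI or the researchers): it reads `docker inspect` JSON and reports Mage containers that run without authentication or publish their port beyond loopback. The `REQUIRE_USER_AUTHENTICATION` variable, the `mageai/mageai` image name, port 6789 and the sample data are assumptions not taken from this page; confirm them against your deployed version.

```python
import json

# Assumptions (not from the original page): Mage's REQUIRE_USER_AUTHENTICATION
# environment variable, the mageai/mageai image name and default port 6789.
AUTH_VAR = "REQUIRE_USER_AUTHENTICATION"
IMAGE_HINT = "mageai"
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample in the shape of `docker inspect` output.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/mage-dev",
     "Config": {"Image": "mageai/mageai:0.9.75", "Env": ["PROJECT=demo"]},
     "HostConfig": {"PortBindings": {"6789/tcp": [{"HostIp": "", "HostPort": "6789"}]}}},
    {"Name": "/mage-prod",
     "Config": {"Image": "mageai/mageai:0.9.75",
                "Env": ["REQUIRE_USER_AUTHENTICATION=1"]},
     "HostConfig": {"PortBindings": {"6789/tcp": [{"HostIp": "127.0.0.1", "HostPort": "6789"}]}}},
    {"Name": "/postgres",
     "Config": {"Image": "postgres:16", "Env": []},
     "HostConfig": {"PortBindings": {}}},
])


def audit(inspect_json):
    """Return {container: [findings]} for Mage containers with weak defaults."""
    report = {}
    for c in json.loads(inspect_json):
        cfg = c.get("Config") or {}
        if IMAGE_HINT not in cfg.get("Image", "").lower():
            continue
        env = dict(e.split("=", 1) for e in cfg.get("Env") or [] if "=" in e)
        findings = []
        # This audit accepts only "1"; unset or any other value is reported.
        if env.get(AUTH_VAR, "").strip() != "1":
            findings.append("auth-disabled")
        bindings = (c.get("HostConfig") or {}).get("PortBindings") or {}
        for port, hosts in bindings.items():
            for h in hosts or []:
                # An empty HostIp means Docker publishes on all interfaces.
                if h.get("HostIp", "") not in LOOPBACK:
                    findings.append(f"exposed:{port}")
        if findings:
            report[c.get("Name", "?").lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings)
```

To run it against a live host, pass the output of `docker inspect $(docker ps -q)` to `audit()` in place of the sample.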