CVE-2025-15453 | milvus up to 2.6.7 HTTP Endpoint pkg/util/expr/expr.go expr.Exec code deserialization (Issue 46442)

Inserito da Angelo Barbosa | Gen 4, 2026 | CVE

A vulnerability classified as critical has been found in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization.

This vulnerability is referenced as CVE-2025-15453. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A fix is planned for the next release 2.6.8.

CVE-2025-15453 | milvus up to 2.6.7 HTTP Endpoint pkg/util/expr/expr.go expr.Exec code deserialization (Issue 46442)

Post correlati

CVE-2023-40696 | IBM Cognos Controller 10.4.1/10.4.2/11.0.0 risky encryption (XFDB-264939)

CVE-2025-68145 | modelcontextprotocol servers up to 2025.12.16 repo_path path traversal

CVE-2024-10270 | Keycloak SearchQueryUtils redos

CVE-2024-32696 | QuantumCloud Infographic Maker Plugin up to 4.6.6 on WordPress cross site scripting