What is the CVSS score of CVE-2023-48022?

CVE-2023-48022 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 92.2%.

Is there a public PoC exploit available for CVE-2023-48022?

Yes, a public proof-of-concept exploit is available for CVE-2023-48022. Prioritise patching immediately. EPSS: 92.2%.

How to fix or mitigate CVE-2023-48022?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Implement egress filtering and URL validation for server-side requests.

CVE-2023-48022

CRITICAL

Server-Side Request Forgery (SSRF) (CWE-918)

2023-11-28 cve@mitre.org

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 26, 2026 - 11:19 vuln.today

PoC Detected

Dec 17, 2025 - 17:15 vuln.today

Public exploit code

CVE Published

Nov 28, 2023 - 08:15 nvd

CRITICAL 9.8

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

5 pypi packages depend on ray (5 direct, 0 indirect)

Ecosystem-wide dependent count for version 2.49.2.

DescriptionNVD

Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment. (Also, within that environment, customers at version 2.52.0 and later can choose to use token authentication.)

AnalysisAI

Anyscale Ray 2.6.3 and 2.8.0 expose an unauthenticated job submission API that allows remote code execution by design. The vendor considers this expected behavior for a compute framework intended for trusted network environments, but internet-exposed Ray clusters are actively exploited by cryptominers and data exfiltration campaigns.

Technical ContextAI

Ray is a distributed computing framework for ML/AI workloads. The dashboard (port 8265) and job submission API intentionally allow unauthenticated code execution as this is the framework's core functionality. The vendor explicitly states Ray is not designed for untrusted network exposure. However, cloud misconfigurations frequently expose Ray clusters to the internet, and the API accepts arbitrary Python code execution.

Affected ProductsAI

Anyscale Ray 2.6.3 Anyscale Ray 2.8.0 Ray clusters on AWS/GCP/Azure without network restrictions

RemediationAI

Never expose Ray clusters to the internet. Place Ray behind a VPN or private network with strict access controls. Enable Ray's authentication features if available in newer versions. Monitor Ray job submission logs for unexpected workloads. Audit cloud security groups for port 8265 exposure.

CVE-2023-48022 vulnerability details – vuln.today

Back

CVE-2023-48022

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code