
Ray missing-auth flaw (CVE-2023-48022)

Vulnerability
Happening score: 50
1 unique source, 1 article

Summary


CVE-2023-48022 in Ray is being actively exploited against exposed clusters, letting attackers take over susceptible instances and steal GPU capacity for cryptomining. The flaw is a critical missing-authentication bug affecting the Ray Dashboard and unauthenticated Ray Job Submission API on internet-facing systems. The vulnerability remains unpatched, leaving publicly exposed Ray deployments at continued risk of unauthorized access and mining abuse.

Related Happenings

CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551

Public Sector Action
First: 04.02.2026 07:50 Last: 04.02.2026 07:50 Sources 1

About this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...

ShadowRay 2.0 Ray cluster hijacking campaign

Campaign
First: 18.11.2025 22:56 Last: 18.11.2025 22:56 Sources 1

How related: The activity, codenamed ShadowRay 2.0, is an evolution of a prior wave that was observed between September 2023 and March 2024.

About this happening: The **ShadowRay 2.0** campaign is hijacking exposed **Ray clusters** on the public internet, using **AI-generated payloads** and **CVE-2023-48022** to spread a self-propagating cr...

ShadowRay 2.0 cryptomining malware on Ray clusters

Malware Activity
First: 18.11.2025 22:56 Last: 18.11.2025 22:56 Sources 1

How related: Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet.

About this happening: A **ShadowRay 2.0** payload is turning exposed **Ray clusters** into a **cryptomining botnet**, creating persistent unauthorized access and Monero mining on compromised infrastruc...

Latest development: 20.11.2025 19:24

ShadowRay 2.0 is abusing compromised Ray clusters to deploy sockstress, a TCP state-exhaustion tool, against production websites, expanding the self-replicating XMRig cryptomining botnet into a multi-purpose attack platform that can also pressure rival mining infrastructure on port 3333.

Erlang/OTP SSH CVE-2025-32433 exploitation wave

Exploitation Wave
First: 11.08.2025 18:08 Last: 11.08.2025 18:08 Sources 1

About this happening: **CVE-2025-32433** is being exploited in **short, high-intensity bursts** against **Erlang/OTP SSH** servers, creating immediate risk for **exposed systems** and **OT networks**....

Timeline

  1. 20.11.2025 19:24 2 articles · 6mo ago

    ShadowRay 2.0 exploits Ray CVE-2023-48022

    Initial Disclosure

    Oligo Security warned that ShadowRay 2.0 is exploiting CVE-2023-48022, a CVSS 9.8 missing-authentication bug in the Ray open-source artificial intelligence (AI) framework, to take control of exposed GPU clusters, run XMRig, and assemble a self-replicating cryptocurrency mining botnet across internet-facing Ray Job Submission API and Ray Dashboard instances.
