Security

Open-Source AI Framework API Flaw Enables Global Cryptojacking Botnet

Unauthenticated Remote Code Execution in the Ray API is being weaponized to steal premium cloud compute for a self-propagating, resource-draining cryptojacking operation.
November 19, 20253 min

The visual presents a series of concentric, semi-transparent blue rings, some containing or interacting with white, cloud-like formations. These elements are set against a gradient dark background, creating a sense of depth and dynamic movement
A series of interconnected white modular units are displayed, some revealing intricate glowing blue internal mechanisms. These futuristic components are linked linearly, suggesting a structured flow or connection within a complex system

Briefing

A critical vulnerability in the Ray open-source AI framework’s API is under widespread, active exploitation, allowing threat actors to achieve unauthenticated Remote Code Execution (RCE). The primary consequence is the systemic compromise of enterprise and research cloud infrastructure, where attackers weaponize Ray’s legitimate resource orchestration features to install and manage a self-propagating cryptojacking botnet. Forensic analysis confirms the attackers are stealing premium compute resources, specifically high-value A100 GPU chips, to mine cryptocurrency, with the campaign observed to be ongoing since September 2024.

A sophisticated 3D rendering depicts a complex, spherical mechanism featuring interlocking white modular segments that encase a central volume teeming with translucent blue cubes. A smooth white cylindrical element traverses the core, adding to the structural integrity

Context

The prevailing risk factor in the open-source supply chain is the failure to enforce timely patching for known, critical vulnerabilities; this specific flaw was initially discovered in 2023, with public proof-of-concept code available since early 2025. This incident leverages the inherent complexity and wide-ranging access of AI/ML orchestration tools, which often run with excessive permissions on exposed cloud-hosted clusters, creating an ideal, high-value attack surface.

A detailed close-up reveals a complex, futuristic machine composed of gleaming silver metallic parts and transparent tubes carrying a vibrant blue, glowing liquid. The intricate design suggests advanced engineering, with light reflecting off the polished surfaces and illuminating the fluid's movement

Analysis

The attack chain is initiated by exploiting an improperly secured API endpoint within the Ray framework that handles compute resource management. The core vulnerability is an eval injection bug, tracked as CVE-2025-24893, which allows an unauthenticated guest user to inject and execute arbitrary code through crafted requests to the search endpoint. Once RCE is achieved on the exposed Ray cluster, the threat actor utilizes the framework’s own features to deploy and orchestrate a covert cryptomining payload, effectively turning the victim’s high-end GPUs into a self-sustaining, distributed mining operation. The attackers employ techniques like CPU usage throttling and process disguising to evade detection while stealing premium compute resources.

A highly detailed, modular computing unit, featuring silver, black, and blue components, is centrally positioned. It displays various ports, pins, and a textured surface, indicating advanced electronic functionality

Parameters

  • Vulnerability Type → Unauthenticated Remote Code Execution (RCE) via API flaw.
  • Affected System → Ray Open-Source AI Framework (versions before 15.10.11, 16.4.1, 16.5.0RC1).
  • Targeted Asset → Premium Cloud Compute Resources (e.g. A100 GPUs) for cryptomining.
  • Exploitation Status → Widespread and Active (spike observed November 7 and 11, 2025).
  • CVSS Score → 9.8 (Critical).

The image displays a detailed blue metallic mechanism with a cluster of blue foam resting on its surface. This visual composition can be interpreted as representing the intricate architecture of blockchain protocols, where the foam symbolizes data or digital assets that are either being processed, secured, or potentially compromised within the network

Outlook

Immediate mitigation requires administrators to apply the latest patches (15.10.11, 16.4.1, or 16.5.0RC1) and strictly enforce network segmentation to prevent external access to the Ray API endpoint. This exploit establishes a new security baseline, highlighting the critical contagion risk from the convergence of open-source AI/ML infrastructure and the cryptocurrency threat landscape, demanding that all projects running high-value compute adopt zero-trust security models and mandatory API authentication. The long-term risk involves the normalization of infrastructure-level cryptojacking as a primary financial attack vector.

A futuristic, white and grey circular machine with glowing blue elements is shown actively processing and emitting a vibrant blue stream of data particles. The intricate design highlights advanced technological mechanisms at play

Verdict

This incident confirms that the greatest systemic risk is the weaponization of unpatched, high-privilege infrastructure components for persistent, resource-draining financial gain, demanding an immediate and global patch mandate for all exposed AI/ML clusters.

Remote code execution, Unauthenticated API access, Cryptojacking botnet, Supply chain attack, Open source vulnerability, Cloud compute theft, AI framework security, Resource orchestration flaw, Self-propagating malware, Enterprise security risk, Compute resource mining, Server cluster compromise, API endpoint vulnerability, Infrastructure attack vector, Unpatched server risk, Post-exploitation activity, Command and control, Lateral movement, Code execution vulnerability, Autonomous malware spread Signal Acquired from → cyberscoop.com

Micro Crypto News Feeds

remote code execution

Definition ∞ Remote Code Execution (RCE) is a type of cybersecurity vulnerability that allows an attacker to execute arbitrary code on a target computer system over a network.

supply chain

Definition ∞ A supply chain is the network of all the individuals, companies, resources, activities, and technologies involved in the creation and sale of a product, from the delivery of source materials from the supplier to the manufacturer, through to its eventual sale to the end consumer.

compute resources

Definition ∞ Compute resources are the processing power, memory, and storage capacity required to run digital operations.

code execution

Definition ∞ Code execution is the process by which a computer follows instructions written in a programming language.

framework

Definition ∞ A framework provides a foundational structure or system that can be adapted or extended for specific purposes.

compute

Definition ∞ Compute refers to the processing power and computational operations required to execute digital tasks.

infrastructure

Definition ∞ Infrastructure refers to the fundamental technological architecture and systems that support the operation and growth of blockchain networks and digital asset services.

risk

Definition ∞ Risk refers to the potential for loss or undesirable outcomes.

Tags:

Tags: