Security

Open-Source AI Framework API Flaw Enables Global Cryptojacking Botnet

Unauthenticated Remote Code Execution in the Ray API is being weaponized to steal premium cloud compute for a self-propagating, resource-draining cryptojacking operation.
November 19, 20253 min

The image displays a stylized scene featuring towering, jagged ice formations, glowing deep blue at their bases and stark white on top, set against a light grey background. A prominent metallic structure, resembling a server or hardware wallet, is integrated with the ice, surrounded by smaller icy spheres and white, cloud-like elements, all reflected on a calm water surface
A macro shot highlights a meticulously engineered component, encased within a translucent, frosted blue shell. The focal point is a gleaming metallic mechanism featuring a hexagonal securing element and a central shaft with a distinct keyway and bearing, suggesting a critical functional part within a larger system

Briefing

A critical vulnerability in the Ray open-source AI framework’s API is under widespread, active exploitation, allowing threat actors to achieve unauthenticated Remote Code Execution (RCE). The primary consequence is the systemic compromise of enterprise and research cloud infrastructure, where attackers weaponize Ray’s legitimate resource orchestration features to install and manage a self-propagating cryptojacking botnet. Forensic analysis confirms the attackers are stealing premium compute resources, specifically high-value A100 GPU chips, to mine cryptocurrency, with the campaign observed to be ongoing since September 2024.

A close-up view reveals a multi-faceted, transparent object with sharp geometric edges, encasing a smooth, amorphous blue mass within its core. The interplay of light through the clear material highlights the vibrant blue interior and the intricate structure of the outer shell

Context

The prevailing risk factor in the open-source supply chain is the failure to enforce timely patching for known, critical vulnerabilities; this specific flaw was initially discovered in 2023, with public proof-of-concept code available since early 2025. This incident leverages the inherent complexity and wide-ranging access of AI/ML orchestration tools, which often run with excessive permissions on exposed cloud-hosted clusters, creating an ideal, high-value attack surface.

A futuristic metallic and white spherical device is prominently displayed, featuring a central circular mechanism. From this mechanism, a dense, white, cloud-like substance actively emerges and expands upwards

Analysis

The attack chain is initiated by exploiting an improperly secured API endpoint within the Ray framework that handles compute resource management. The core vulnerability is an eval injection bug, tracked as CVE-2025-24893, which allows an unauthenticated guest user to inject and execute arbitrary code through crafted requests to the search endpoint. Once RCE is achieved on the exposed Ray cluster, the threat actor utilizes the framework’s own features to deploy and orchestrate a covert cryptomining payload, effectively turning the victim’s high-end GPUs into a self-sustaining, distributed mining operation. The attackers employ techniques like CPU usage throttling and process disguising to evade detection while stealing premium compute resources.

An abstract geometric composition features two luminous, faceted blue crystalline rods intersecting at the center, surrounded by an intricate framework of dark blue and metallic silver blocks. The crystals glow with an internal light, suggesting precision and value, while the structural elements create a sense of depth and interconnectedness, all set against a soft grey background

Parameters

  • Vulnerability Type → Unauthenticated Remote Code Execution (RCE) via API flaw.
  • Affected System → Ray Open-Source AI Framework (versions before 15.10.11, 16.4.1, 16.5.0RC1).
  • Targeted Asset → Premium Cloud Compute Resources (e.g. A100 GPUs) for cryptomining.
  • Exploitation Status → Widespread and Active (spike observed November 7 and 11, 2025).
  • CVSS Score → 9.8 (Critical).

A multifaceted, crystalline structure radiates outwards from a central, spherical core. The core features concentric rings and a smooth, white central orb, encased in transparent material revealing internal mechanisms

Outlook

Immediate mitigation requires administrators to apply the latest patches (15.10.11, 16.4.1, or 16.5.0RC1) and strictly enforce network segmentation to prevent external access to the Ray API endpoint. This exploit establishes a new security baseline, highlighting the critical contagion risk from the convergence of open-source AI/ML infrastructure and the cryptocurrency threat landscape, demanding that all projects running high-value compute adopt zero-trust security models and mandatory API authentication. The long-term risk involves the normalization of infrastructure-level cryptojacking as a primary financial attack vector.

A detailed view presents a complex system of light blue, foam-like structures intricately surrounding and flowing through metallic and dark mechanical components. Transparent blue liquid fills various cavities, creating a dynamic visual interplay

Verdict

This incident confirms that the greatest systemic risk is the weaponization of unpatched, high-privilege infrastructure components for persistent, resource-draining financial gain, demanding an immediate and global patch mandate for all exposed AI/ML clusters.

Remote code execution, Unauthenticated API access, Cryptojacking botnet, Supply chain attack, Open source vulnerability, Cloud compute theft, AI framework security, Resource orchestration flaw, Self-propagating malware, Enterprise security risk, Compute resource mining, Server cluster compromise, API endpoint vulnerability, Infrastructure attack vector, Unpatched server risk, Post-exploitation activity, Command and control, Lateral movement, Code execution vulnerability, Autonomous malware spread Signal Acquired from → cyberscoop.com

Micro Crypto News Feeds

remote code execution

Definition ∞ Remote Code Execution (RCE) is a type of cybersecurity vulnerability that allows an attacker to execute arbitrary code on a target computer system over a network.

supply chain

Definition ∞ A supply chain is the network of all the individuals, companies, resources, activities, and technologies involved in the creation and sale of a product, from the delivery of source materials from the supplier to the manufacturer, through to its eventual sale to the end consumer.

compute resources

Definition ∞ Compute resources are the processing power, memory, and storage capacity required to run digital operations.

code execution

Definition ∞ Code execution is the process by which a computer follows instructions written in a programming language.

framework

Definition ∞ A framework provides a foundational structure or system that can be adapted or extended for specific purposes.

compute

Definition ∞ Compute refers to the processing power and computational operations required to execute digital tasks.

infrastructure

Definition ∞ Infrastructure refers to the fundamental technological architecture and systems that support the operation and growth of blockchain networks and digital asset services.

risk

Definition ∞ Risk refers to the potential for loss or undesirable outcomes.

Tags:

Tags: