CVE-2025-10279
Published 2026-02-02
Priority P338 · high · 7 · CVSS 3.0
AV:L AC:H PR:L UI:N S:U C:H I:H A:H
EPSS: 0.21% (11.8th percentile)
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the `/tmp` directory to exploit a race condition and overwrite `.py` files in the virtual environment, leading to arbitrary code execution. The issue is resolved in version 3.4.0.
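An added example (not mlflow's code and not part of the advisory): a POSIX-only audit for the permission bits named in the description, run against a directory set to 0o777 and against one created with `tempfile.mkdtemp`, which is owner-only (0o700). The function names and the `env-` directory names are assumptions made for the illustration.

```python
import os
import stat
import tempfile


def audit_dir(path):
    """List the reasons another local user could tamper with files under path."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted at this path
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if stat.S_ISLNK(st.st_mode):
        findings.append("is a symlink")
    if st.st_uid != os.geteuid():
        findings.append("not owned by current user")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    return findings


def make_env_dir_insecure(parent):
    """The weak pattern from the description: a directory opened up to 0o777."""
    path = os.path.join(parent, "env-insecure")  # constructed name
    os.makedirs(path, exist_ok=True)
    os.chmod(path, 0o777)
    return path


def make_env_dir_private(parent):
    """Hardened form: mkdtemp picks an unpredictable name, fails if it already
    exists, and creates the directory readable and writable by the owner only."""
    return tempfile.mkdtemp(prefix="env-", dir=parent)


def demo():
    """Create both directories under a scratch parent and audit each."""
    with tempfile.TemporaryDirectory() as parent:
        bad = make_env_dir_insecure(parent)
        good = make_env_dir_private(parent)
        return audit_dir(bad), audit_dir(good)


if __name__ == "__main__":
    insecure, private = demo()
    print("insecure:", insecure)
    print("private: ", private)
```

Running `audit_dir` on a directory immediately before installing or loading code from it turns a permissive mode into a hard failure instead of a silent trust decision.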
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lfprojects | mlflow | < 3.11.0 | 3.11.0 |
| lfprojects | mlflow | < 3.4.0 | 3.4.0 |
| mlflow | mlflow_mlflow | >= 0 < 3.4.0rc0 | 3.4.0rc0 |
| mlflow | mlflow_mlflow | >= unspecified < 3.11.0 | 3.11.0 |
CVSS provenance
nvd: v3.0, 7.0 HIGH, CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
ghsa: 7.0 HIGH
GHSA
MLFlow Creates a Temporary File With Insecure Permissions
ghsa·2026-05-18·CVSS 7.0
CVE-2026-4137 [HIGH] CWE-378 MLFlow Creates a Temporary File With Insecure Permissions
In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions (0o777), and the `_create_model_downloading_tmp_dir()` function in `mlflow/pyfunc/__init__.py` creates directories with group-writable permissions (0o770). These insecure permissions allow local attackers to tamper with model artifacts, such as cloudpickle-serialized Python objects, and achieve arbitrary code execution when the tampered artifacts are deserialized via `cloudpickle.load()`. This vulnerability is particularly critical in environments with shared NFS mounts, such as Databricks, where NFS is enabled by default. The issue is a continuation of t
GHSA
GHSA-f2m9-wcf4-cwwx: In mlflow/mlflow versions prior to 3
ghsa_unreviewed·2026-05-18·CVSS 7.0
CVE-2026-4137 [HIGH] CWE-378 GHSA-f2m9-wcf4-cwwx: In mlflow/mlflow versions prior to 3
In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions (0o777), and the `_create_model_downloading_tmp_dir()` function in `mlflow/pyfunc/__init__.py` creates directories with group-writable permissions (0o770). These insecure permissions allow local attackers to tamper with model artifacts, such as cloudpickle-serialized Python objects, and achieve arbitrary code execution when the tampered artifacts are deserialized via `cloudpickle.load()`. This vulnerability is particularly critical in environments with shared NFS mounts, such as Databricks, where NFS is enabled by default. The issue is a continuation of the vulnerability class addressed in CVE-2025-10279, which w
OSV
mlflow Creates of Temporary File in Directory with Insecure Permissions
osv·2026-02-02
CVE-2025-10279 [HIGH] mlflow Creates of Temporary File in Directory with Insecure Permissions
GHSA
mlflow Creates of Temporary File in Directory with Insecure Permissions
ghsa·2026-02-02
CVE-2025-10279 [HIGH] CWE-379 mlflow Creates of Temporary File in Directory with Insecure Permissions
No detection rules found.
No public exploits indexed.