CVE-2025-15031
published 2026-03-18CVE-2025-15031: A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use…
PriorityP262critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
EPSS
0.85%
53.6th percentile
A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lfprojects | mlflow | <= 3.10.1 | — |
| lfprojects | mlflow | >= 0 < 3.9.0rc0 | 3.9.0rc0 |
| mlflow | mlflow_mlflow | unspecified – latest | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect tar.gz archive entries containing path traversal sequences (`..`) or absolute paths being extracted via MLflow's pyfunc extraction process, which uses `tarfile.extractall` without path validation. ↗
- →Monitor MLflow pyfunc model artifact ingestion for tar.gz files that write files outside the intended extraction directory, which may indicate exploitation of this path traversal vulnerability. ↗
- →In Red Hat OpenShift AI (RHOAI) environments, monitor the rhoai/odh-mlflow-rhel9 package for exploitation attempts involving crafted tar.gz artifact uploads. ↗
- ·The vulnerability is specifically triggered during MLflow's pyfunc extraction process when handling tar.gz model artifacts; risk is elevated in multi-tenant environments or where untrusted artifacts are ingested. ↗
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvdv3.08.1HIGHCVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
vendor_redhat9.1CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Arbitrary file write via tar traversal in mlflow
ghsa·2026-03-19
CVE-2025-15031 [HIGH] CWE-22 Arbitrary file write via tar traversal in mlflow
Arbitrary file write via tar traversal in mlflow
A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution.
OSV
Arbitrary file write via tar traversal in mlflow
osv·2026-03-19
CVE-2025-15031 [HIGH] Arbitrary file write via tar traversal in mlflow
Arbitrary file write via tar traversal in mlflow
A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution.
Red Hat
mlflow/mlflow: Path Traversal Vulnerability in mlflow/mlflow
vendor_redhat·2026-03-18·CVSS 9.1
CVE-2025-15031 [CRITICAL] CWE-22 mlflow/mlflow: Path Traversal Vulnerability in mlflow/mlflow
mlflow/mlflow: Path Traversal Vulnerability in mlflow/mlflow
A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution.
Package: rhoai/odh-mlflow-rhel9 (Red Hat OpenShift AI (RHOAI)) - Affected
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-2635 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
CVE-2026-2635 [CRITICAL] CVE-2026-2635 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2635 :
MLflow vulnerability analysis and mitigation
MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the basic_auth.ini file. The file contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the administrator. Was ZDI-CAN-28256.
Source : NVD
## 9.8
Score
Published February 20, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
MLflow
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Pr
Wiz
CVE-2026-2033 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
CVE-2026-2033 [CRITICAL] CVE-2026-2033 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2033 :
MLflow vulnerability analysis and mitigation
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of artifact file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26649.
Source : NVD
## 8.1
Score
Published February 20, 2026
Severity HIGH
CNA Score 8.1
Affected Technologies
MLflow
Has Public Exploit No
Has C
Wiz
CVE-2025-15381 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
CVE-2025-15381 [CRITICAL] CVE-2025-15381 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15381 :
MLflow vulnerability analysis and mitigation
basic-auth
NO_PERMISSIONS
mlflow server --app-name=basic-auth
Source : NVD
## 8.1
Score
Published March 27, 2026
Severity HIGH
CNA Score 8.1
Affected Technologies
MLflow
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mlflow
Sources
NVD
pip Severity HIGH No Fix Added at: Apr 02, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.
## Related MLflow vulnerabilities:
CVE ID
Severity
Score
Technologies
Component name
CISA KEV exploit
Has fix
Wiz
CVE-2025-15036 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
CVE-2025-15036 [CRITICAL] CVE-2025-15036 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15036 :
MLflow vulnerability analysis and mitigation
extract_archive_to_dir
mlflow/pyfunc/dbconnect_artifact_cache.py
Source : NVD
## 9.6
Score
Published March 30, 2026
Severity CRITICAL
CNA Score 9.6
Affected Technologies
MLflow
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
mlflow
Sources
NVD
pip Severity CRITICAL Has Fix Added at: Apr 02, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.
## Related MLflow vulnerabilities:
CVE ID
Severity
Score
Technologies
Component name
CISA KEV exploi
Wiz
CVE-2025-15031 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
CVE-2025-15031 [CRITICAL] CVE-2025-15031 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15031 :
NixOS vulnerability analysis and mitigation
tarfile.extractall
..
Source : NVD
## 9.1
Score
Published March 18, 2026
Severity CRITICAL
CNA Score 8.1
Affected Technologies
NixOS
MLflow
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 30.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
mlflow
Sources
NVD
pip Severity HIGH Has Fix Added at: Mar 20, 2026
Nix Severity CRITICAL No Fix Added at: Mar 24, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.
## Related NixOS vulnerabilities:
CVE ID
Severity
Score
Technologies
Component name
CISA
Wiz
CVE-2025-14287 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-14287 [HIGH] CVE-2025-14287 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14287 :
MLflow vulnerability analysis and mitigation
mlflow/sagemaker/__init__.py
os.system()
--container
Source : NVD
## 7.5
Score
Published March 16, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
MLflow
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 24.2
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
mlflow
Sources
NVD
pip Severity HIGH Has Fix Added at: Mar 18, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.
## Related MLflow vulnerabilities:
CVE ID
Severity
Score
Technologies
Component name
CISA KEV exploit
Has fix
Publish
Wiz
CVE-2025-14279 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.1
CVE-2025-14279 [HIGH] CVE-2025-14279 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14279 :
MLflow vulnerability analysis and mitigation
MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An attacker can query, update, and delete experiments via the affected endpoints, leading to potential data exfiltration, destruction, or manipulation. The issue is resolved in version 3.5.0.
Source : NVD
## 8.1
Score
Published January 12, 2026
Severity HIGH
CNA Score 8.1
Affected Technologies
MLflow
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Perc
Wiz
CVE-2025-10279 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.0
CVE-2025-10279 [HIGH] CVE-2025-10279 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-10279 :
MLflow vulnerability analysis and mitigation
/tmp
.py
Source : NVD
## 7
Score
Published February 2, 2026
Severity HIGH
CNA Score 7.0
Affected Technologies
MLflow
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mlflow
Sources
NVD
pip Severity HIGH Has Fix Added at: Feb 03, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.
## Related MLflow vulnerabilities:
CVE ID
Severity
Score
Technologies
Component name
CISA KEV exploit
Has fix
Published date
CVE-2025-15379
CRITICAL
10
MLflow
Wiz
CVE-2025-15379 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
CVE-2025-15379 [CRITICAL] CVE-2025-15379 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15379 :
MLflow vulnerability analysis and mitigation
_install_model_dependencies_to_env()
env_manager=LOCAL
python_env.yaml
Source : NVD
## 10
Score
Published March 30, 2026
Severity CRITICAL
CNA Score 10.0
Affected Technologies
MLflow
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 46.7
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
mlflow
Sources
NVD
pip Severity CRITICAL Has Fix Added at: Apr 02, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.
## Related MLflow vulnerabilities:
CVE ID
Severity
Score
Technologies
Component name
CISA KEV
Wiz
CVE-2026-0545 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
CVE-2026-0545 [CRITICAL] CVE-2026-0545 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0545 :
MLflow vulnerability analysis and mitigation
/ajax-api/3.0/jobs/*
basic-auth
MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true
Source : NVD
## 9.1
Score
Published April 3, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
MLflow
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 42.1
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
mlflow
Sources
NVD
pip Severity CRITICAL No Fix Added at: Apr 07, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.
## Related MLflow vulnerabilities:
CVE ID
Severity
Score
Technologies
Component name
CISA KEV e
https://huntr.com/bounties/09856f77-f968-446f-a930-657d126efe4ehttps://access.redhat.com/security/cve/CVE-2025-15031https://bugzilla.redhat.com/show_bug.cgi?id=2448912https://huntr.com/bounties/09856f77-f968-446f-a930-657d126efe4ehttps://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15031.json
2026-03-18
Published