CVE-2025-15036
published 2026-03-30

CVE-2025-15036: A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow…

Priority: P2 · 69
CVSS 3.1: 10.0 (critical) · AV:N / AC:L / PR:N / UI:N / S:C / C:H / I:H / A:H
EPSS: 0.59% (43.6th percentile)
A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An attacker with control over the tar.gz file can exploit this issue to overwrite arbitrary files or gain elevated privileges, potentially escaping the sandbox directory in multi-tenant or shared cluster environments.

Affected

3 ranges

Vendor      Product        Version range            Fixed in
lfprojects  mlflow         < 3.9.0                  3.9.0
mlflow      mlflow_mlflow  >= 0 < 3.9.0rc0          3.9.0rc0
mlflow      mlflow_mlflow  >= unspecified < 3.9.0   3.9.0

Detection & IOCs (extracted from sources)

path: mlflow/pyfunc/dbconnect_artifact_cache.py
  • Monitor tar.gz extraction operations that invoke `extract_archive_to_dir` in mlflow/pyfunc/dbconnect_artifact_cache.py and result in file writes outside the intended sandbox/destination directory (path traversal via `../` sequences in tar member names).
  • Alert on file write events outside the expected extraction directory while MLflow processes tar.gz artifacts; such writes may indicate exploitation of the missing tar member path validation.
  • The description states the vulnerability is present in MLflow versions before v3.7.0 and that upgrading to v3.7.0 or later remediates the missing tar member path validation in extract_archive_to_dir. The affected-version ranges above, however, list 3.9.0 and 3.9.0rc0 as the fixed versions, so confirm the fixed release against the upstream advisory before treating 3.7.0 as the remediation bound.
  • Risk is elevated in multi-tenant or shared cluster environments where multiple users share the same MLflow deployment, because exploitation can lead to sandbox escape and privilege escalation.
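The description and the detection bullets above describe the same mechanism from two sides: an extractor that writes tar members as named, and a member name (or link target) that resolves outside the destination directory. The following Python example is added here to make that concrete; it is not MLflow's code and does not reproduce `extract_archive_to_dir`. `extract_tar_unsafe` follows the vulnerable pattern the advisory describes, `find_escaping_members` is the per-member check that a hardened extractor (or a detection script scanning artifacts before extraction) would run, and the archives containing a `../` member and an escaping symlink are constructed in the example itself.

```python
import io
import os
import tarfile
import tempfile


def build_tar_gz(files, symlinks=None):
    """Build a tar.gz in memory. `files` maps member name -> bytes; `symlinks`
    maps member name -> link target. Constructed test input, not a real artifact."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        for name, target in (symlinks or {}).items():
            info = tarfile.TarInfo(name=name)
            info.type = tarfile.SYMTYPE
            info.linkname = target
            tar.addfile(info)
    return buf.getvalue()


def _is_within(dest_dir, relative_path):
    """True if dest_dir/relative_path resolves to dest_dir itself or below it."""
    dest = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest, relative_path))
    return target == dest or target.startswith(dest + os.sep)


def find_escaping_members(archive_bytes, dest_dir):
    """Return names of members that would land outside dest_dir: absolute names,
    '..' traversal, and symlinks/hardlinks whose target points outside."""
    escaping = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for m in tar.getmembers():
            if os.path.isabs(m.name) or not _is_within(dest_dir, m.name):
                escaping.append(m.name)
            elif m.issym():
                # A symlink target is relative to the member's own directory.
                target = os.path.join(os.path.dirname(m.name), m.linkname)
                if os.path.isabs(m.linkname) or not _is_within(dest_dir, target):
                    escaping.append(m.name)
            elif m.islnk() and (os.path.isabs(m.linkname)
                                or not _is_within(dest_dir, m.linkname)):
                # A hardlink target is relative to the archive root.
                escaping.append(m.name)
    return escaping


def extract_tar_unsafe(archive_bytes, dest_dir):
    """The pattern the advisory describes: members are written as named, with no
    check that they stay under dest_dir. filter='fully_trusted' (Python >= 3.12)
    pins the legacy behaviour so the escape reproduces on newer interpreters."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        if hasattr(tarfile, "fully_trusted_filter"):
            tar.extractall(dest_dir, filter="fully_trusted")
        else:
            tar.extractall(dest_dir)


def extract_tar_safe(archive_bytes, dest_dir):
    """Hardened form: validate every member first and reject the whole archive
    if any would escape; additionally use the stdlib 'data' filter when present."""
    escaping = find_escaping_members(archive_bytes, dest_dir)
    if escaping:
        raise ValueError(f"refusing to extract, members escape {dest_dir}: {escaping}")
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        if hasattr(tarfile, "data_filter"):
            tar.extractall(dest_dir, filter="data")
        else:
            tar.extractall(dest_dir)


def demo():
    """Run both extractors on constructed hostile archives inside a scratch
    directory and report what happened."""
    traversal = build_tar_gz({
        "model/MLmodel": b"flavors: {}\n",        # benign member
        "../escaped.txt": b"written outside\n",   # traversal member
    })
    symlink = build_tar_gz({"model/MLmodel": b"x"},
                           symlinks={"model/link": "../../outside"})
    with tempfile.TemporaryDirectory() as root:
        unsafe_dest = os.path.join(root, "sandbox_unsafe")
        safe_dest = os.path.join(root, "sandbox_safe")
        os.makedirs(unsafe_dest)
        os.makedirs(safe_dest)
        extract_tar_unsafe(traversal, unsafe_dest)
        wrote_outside = os.path.isfile(os.path.join(root, "escaped.txt"))
        try:
            extract_tar_safe(traversal, safe_dest)
            rejected = False
        except ValueError:
            rejected = True
        return {
            "traversal_members": find_escaping_members(traversal, safe_dest),
            "symlink_members": find_escaping_members(symlink, safe_dest),
            "unsafe_wrote_outside": wrote_outside,
            "safe_rejected": rejected,
            "safe_dest_untouched": os.listdir(safe_dest) == [],
        }


if __name__ == "__main__":
    print(demo())
```

The check resolves each candidate path with `os.path.realpath` and compares it against the resolved destination with a trailing separator, so a name such as `sandbox_evil/x` is not mistaken for a child of `sandbox`. Rejecting the whole archive before writing anything, rather than skipping individual members, avoids leaving a half-extracted artifact behind; on interpreters that ship `tarfile.data_filter`, the stdlib filter is applied as a second layer.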

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     10.0   CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd            v3.0     9.6    CRITICAL  CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
vendor_redhat           9.6    CRITICAL