CVE-2025-15381
Published 2026-03-27
Priority P3 41 · high · 7.1 · CVSS 3.1
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
EPSS: 0.33% (24.9th percentile)
In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with `NO_PERMISSIONS` on the experiment, to read trace information and create assessments for traces they should not have access to. This vulnerability impacts confidentiality by exposing trace metadata and integrity by allowing unauthorized creation of assessments. Deployments using `mlflow server --app-name=basic-auth` are affected.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mlflow | mlflow_mlflow | 0 – 3.8.1 | — |
| mlflow | mlflow_mlflow | unspecified – latest | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N |
| nvd | v3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| vendor_redhat | — | 8.1 | HIGH | — |
GHSA
MLFlow allows Tracing + Assessments Access
ghsa · 2026-03-27 · CVE-2025-15381 [HIGH] · CWE-200
OSV
MLFlow allows Tracing + Assessments Access
osv · 2026-03-27 · CVE-2025-15381 [HIGH]
Red Hat
mlflow/mlflow: mlflow/mlflow: Information disclosure and unauthorized data modification via unprotected tracing and assessment endpoints
vendor_redhat · 2026-03-27 · CVSS 8.1 · CVE-2025-15381 [HIGH] · CWE-425
A flaw was found in mlflow/mlflow. When the `basic-auth` application is enabled, tracing and assessment endpoints lac
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-2635 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.1 · CVE-2026-2635 [CRITICAL]
## CVE-2026-2635: MLflow vulnerability analysis and mitigation
MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the basic_auth.ini file. The file contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the administrator. Was ZDI-CAN-28256.
Source: NVD
Score: 9.8 · Published February 20, 2026 · Severity CRITICAL · CNA Score 9.8
Affected Technologies: MLflow
Has Public Exploit: No · Has CISA KEV Exploit: No · CISA KEV Release Date: N/A · CISA KEV Due Date: N/A
Wiz
CVE-2026-2033 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.1 · CVE-2026-2033 [CRITICAL]
## CVE-2026-2033: MLflow vulnerability analysis and mitigation
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of artifact file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26649.
Source: NVD
Score: 8.1 · Published February 20, 2026 · Severity HIGH · CNA Score 8.1
Affected Technologies: MLflow
Has Public Exploit: No
Wiz
CVE-2025-15381 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.1 · CVE-2025-15381 [CRITICAL]
## CVE-2025-15381: MLflow vulnerability analysis and mitigation
Referenced identifiers: `basic-auth`, `NO_PERMISSIONS`, `mlflow server --app-name=basic-auth`
Source: NVD
Score: 8.1 · Published March 27, 2026 · Severity HIGH · CNA Score 8.1
Affected Technologies: MLflow
Has Public Exploit: Yes · Has CISA KEV Exploit: No · CISA KEV Release Date: N/A · CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 1.4 · Exploitation Probability (EPSS): N/A
Affected packages and libraries: mlflow
Sources: NVD
pip: Severity HIGH · No Fix · Added at: Apr 02, 2026
Wiz
CVE-2025-15036 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.1 · CVE-2025-15036 [CRITICAL]
## CVE-2025-15036: MLflow vulnerability analysis and mitigation
Referenced identifiers: `extract_archive_to_dir`, `mlflow/pyfunc/dbconnect_artifact_cache.py`
Source: NVD
Score: 9.6 · Published March 30, 2026 · Severity CRITICAL · CNA Score 9.6
Affected Technologies: MLflow
Has Public Exploit: Yes · Has CISA KEV Exploit: No · CISA KEV Release Date: N/A · CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 16.8 · Exploitation Probability (EPSS): 0.1
Affected packages and libraries: mlflow
Sources: NVD
pip: Severity CRITICAL · Has Fix · Added at: Apr 02, 2026
Wiz
CVE-2025-14287 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 7.5 · CVE-2025-14287 [HIGH]
## CVE-2025-14287: MLflow vulnerability analysis and mitigation
Referenced identifiers: `mlflow/sagemaker/__init__.py`, `os.system()`, `--container`
Source: NVD
Score: 7.5 · Published March 16, 2026 · Severity HIGH · CNA Score 7.5
Affected Technologies: MLflow
Has Public Exploit: Yes · Has CISA KEV Exploit: No · CISA KEV Release Date: N/A · CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 24.2 · Exploitation Probability (EPSS): 0.1
Affected packages and libraries: mlflow
Sources: NVD
pip: Severity HIGH · Has Fix · Added at: Mar 18, 2026
Wiz
CVE-2025-14279 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.1 · CVE-2025-14279 [HIGH]
## CVE-2025-14279: MLflow vulnerability analysis and mitigation
MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An attacker can query, update, and delete experiments via the affected endpoints, leading to potential data exfiltration, destruction, or manipulation. The issue is resolved in version 3.5.0.
Source: NVD
Score: 8.1 · Published January 12, 2026 · Severity HIGH · CNA Score 8.1
Affected Technologies: MLflow
Has Public Exploit: Yes · Has CISA KEV Exploit: No · CISA KEV Release Date: N/A · CISA KEV Due Date: N/A
Wiz
CVE-2025-10279 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 7.0 · CVE-2025-10279 [HIGH]
## CVE-2025-10279: MLflow vulnerability analysis and mitigation
Referenced identifiers: `/tmp`, `.py`
Source: NVD
Score: 7.0 · Published February 2, 2026 · Severity HIGH · CNA Score 7.0
Affected Technologies: MLflow
Has Public Exploit: No · Has CISA KEV Exploit: No · CISA KEV Release Date: N/A · CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 0.4 · Exploitation Probability (EPSS): N/A
Affected packages and libraries: mlflow
Sources: NVD
pip: Severity HIGH · Has Fix · Added at: Feb 03, 2026
Wiz
CVE-2025-15379 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.1 · CVE-2025-15379 [CRITICAL]
## CVE-2025-15379: MLflow vulnerability analysis and mitigation
Referenced identifiers: `_install_model_dependencies_to_env()`, `env_manager=LOCAL`, `python_env.yaml`
Source: NVD
Score: 10.0 · Published March 30, 2026 · Severity CRITICAL · CNA Score 10.0
Affected Technologies: MLflow
Has Public Exploit: Yes · Has CISA KEV Exploit: No · CISA KEV Release Date: N/A · CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 46.7 · Exploitation Probability (EPSS): 0.2
Affected packages and libraries: mlflow
Sources: NVD
pip: Severity CRITICAL · Has Fix · Added at: Apr 02, 2026
Wiz
CVE-2026-0545 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.1 · CVE-2026-0545 [CRITICAL]
## CVE-2026-0545: MLflow vulnerability analysis and mitigation
Referenced identifiers: `/ajax-api/3.0/jobs/*`, `basic-auth`, `MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true`
Source: NVD
Score: 9.1 · Published April 3, 2026 · Severity CRITICAL · CNA Score 9.1
Affected Technologies: MLflow
Has Public Exploit: Yes · Has CISA KEV Exploit: No · CISA KEV Release Date: N/A · CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 42.1 · Exploitation Probability (EPSS): 0.2
Affected packages and libraries: mlflow
Sources: NVD
pip: Severity CRITICAL · No Fix · Added at: Apr 07, 2026