CVE-2025-15031

CVSS Score & Metrics

Base Score

8.1 / 10

Vector String

                                        CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N                                    

Vulnerability Description

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution.

Vulnerability Details

Published Date

March 18, 2026

Last Modified

March 23, 2026

CWE ID

CWE-22

Source

NVD

Vendor

mlflow

Product

mlflow/mlflow

External References

https://huntr.com/bounties/09856f77-f968-446f-a930-657d126efe4e

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment