High severity (7.0, NVD Advisory) · Published Feb 2, 2026 · Updated Apr 14, 2026
CVE-2025-10279
Description
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual environment, leading to arbitrary code execution. The issue is resolved in version 3.4.0.
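As an added illustration (not mlflow's code, and not part of the advisory), the weak directory mode described above is shown beside the corrected one, together with an audit helper a defender can run over existing temporary directories to find ones writable by every local user. The function names and the sticky-bit handling are my own assumptions, not anything the advisory or the project defines.

```python
import os
import shutil
import stat
import tempfile

# Added example, not mlflow's own code. It reproduces the insecure 0o777
# setting from the advisory next to the fixed 0o750 mode, and provides a
# check for directories that grant write access to "others".


def make_tmp_dir(world_writable: bool) -> str:
    """Create a temp dir. world_writable=True reproduces the vulnerable 0o777
    mode; False applies 0o750 (owner rwx, group r-x, others nothing)."""
    tmp_dir = tempfile.mkdtemp()  # mkdtemp creates the directory as 0o700
    os.chmod(tmp_dir, 0o777 if world_writable else 0o750)
    return tmp_dir


def dir_mode(path: str) -> int:
    """Permission bits of path (e.g. 0o750), without file-type bits."""
    return stat.S_IMODE(os.lstat(path).st_mode)


def is_world_writable(path: str) -> bool:
    """True if 'others' hold the write bit on path (the 0o777 condition)."""
    return bool(dir_mode(path) & stat.S_IWOTH)


def audit_tmp_dirs(paths) -> list:
    """Return the directories among paths that are writable by others.

    Directories with the sticky bit set (like /tmp itself, 1777) are skipped:
    there, other users cannot rename or delete files they do not own, so a
    world-writable directory *without* the sticky bit is the finding.
    (Assumption: the audit treats sticky directories as expected.)
    """
    findings = []
    for p in paths:
        st = os.lstat(p)
        if not stat.S_ISDIR(st.st_mode):
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append(p)
    return findings


def remove_dir(path: str) -> None:
    """Cleanup helper for the demo directories."""
    shutil.rmtree(path, ignore_errors=True)


if __name__ == "__main__":
    weak = make_tmp_dir(world_writable=True)
    fixed = make_tmp_dir(world_writable=False)
    print("weak  :", oct(dir_mode(weak)), "world-writable:", is_world_writable(weak))
    print("fixed :", oct(dir_mode(fixed)), "world-writable:", is_world_writable(fixed))
    print("audit findings:", audit_tmp_dirs([weak, fixed, "/tmp"]))
    remove_dir(weak)
    remove_dir(fixed)
```

The audit only looks at directory modes, so it does not tell you whether a Spark executor running as another user can still read the directory under 0o750; that depends on group membership, which is the trade-off the fix makes.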
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| mlflow (PyPI) | < 3.4.0rc0 | 3.4.0rc0 |
Patches (1)
1d7c8d4cf0a6 Reduce write authority permissions in tmp directory creation (#17544)
1 file changed · +4 −2
mlflow/utils/file_utils.py+4 −2 modified@@ -757,8 +757,10 @@ def get_or_create_tmp_dir(): else: tmp_dir = tempfile.mkdtemp() # mkdtemp creates a directory with permission 0o700 - # change it to be 0o777 to ensure it can be seen in spark UDF - os.chmod(tmp_dir, 0o777) + # For Spark UDFs, we need to make it accessible to other processes + # Use 0o750 (owner: rwx, group: r-x, others: None) instead of 0o777 + # This allows read/execute but not write for group and others + os.chmod(tmp_dir, 0o750) atexit.register(shutil.rmtree, tmp_dir, ignore_errors=True) return tmp_dir
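Review bot: the two added comment lines in this hunk contradict each other: "(owner: rwx, group: r-x, others: None)" is correct for 0o750, but the following line says this "allows read/execute but not write for group and others", whereas under 0o750 others get no access at all. Suggest rewording to "read/execute for the group only, no access for others". Since the removed comment states the 0o777 mode existed "to ensure it can be seen in spark UDF", the new comment should also say that a Spark executor running as a user outside the owner's group will no longer be able to read this directory, so that behaviour change is documented at the point where it is introduced.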
References (4)
- github.com/mlflow/mlflow/commit/1d7c8d4cf0a67d407499a8a4ffac387ea4f8194a (NVD: Patch)
- github.com/advisories/GHSA-4x5p-f36r-mxxr (GHSA: Advisory)
- huntr.com/bounties/01d3b81e-13d1-43aa-b91a-443aec68bdc8 (NVD: Third Party Advisory, Exploit)
- nvd.nist.gov/vuln/detail/CVE-2025-10279 (GHSA: Advisory)