High severity · NVD Advisory · Published Mar 18, 2026 · Updated Mar 19, 2026
Path Traversal Vulnerability in mlflow/mlflow
CVE-2025-15031
Description
A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of tarfile.extractall without path validation enables crafted tar.gz files containing .. or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution.
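The description names the root cause: tar members are handed to `tarfile.extractall` without checking where each entry would land. The following is an added example (not MLflow's code and not taken from the advisory or the fix commit) of the check a safe extractor performs. It validates every member before anything is written, rejecting absolute names, names whose resolved path leaves the destination, and symlink or hard link members whose target points outside it. The archive contents, member names and directory layout are constructed here for the demonstration.

```python
import io
import os
import tarfile
import tempfile


class UnsafeArchiveMember(ValueError):
    """Raised when a tar member would be written outside the extraction directory."""


def _is_within(base: str, target: str) -> bool:
    # realpath normalises '..' lexically for paths that do not exist yet and
    # resolves any symlinks that already exist on disk.
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def safe_extractall(tar: tarfile.TarFile, dest: str) -> list[str]:
    """Validate every member first, then extract; nothing is written if any member is unsafe."""
    dest = os.path.realpath(dest)
    members = []
    for m in tar.getmembers():
        if os.path.isabs(m.name):
            raise UnsafeArchiveMember(f"absolute path: {m.name!r}")
        target = os.path.join(dest, m.name)
        if not _is_within(dest, target):
            raise UnsafeArchiveMember(f"path escapes destination: {m.name!r}")
        if m.issym() or m.islnk():
            # symlink targets are relative to the member's own directory,
            # hard link targets are relative to the archive root
            base = os.path.dirname(target) if m.issym() else dest
            if not _is_within(dest, os.path.join(base, m.linkname)):
                raise UnsafeArchiveMember(
                    f"link escapes destination: {m.name!r} -> {m.linkname!r}")
        members.append(m)
    # Defence in depth: on interpreters that ship PEP 706 (3.12+ and security
    # backports) also apply the stdlib 'data' filter during extraction.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    tar.extractall(dest, members=members, **kwargs)
    return [m.name for m in members]


def build_archive(files: dict[str, bytes]) -> bytes:
    """Constructed sample tar.gz: member name -> file contents (names are kept verbatim)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def extract_bytes(data: bytes, dest: str) -> list[str]:
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        return safe_extractall(tar, dest)


def demo() -> dict:
    """Extract a benign archive, then one with a '..' member, and report what hit disk."""
    benign = build_archive({"model/MLmodel": b"flavors: {}\n"})
    hostile = build_archive({"model/MLmodel": b"x", "../../escaped.txt": b"should never be written"})
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "a", "b")   # two levels deep so '../..' resolves to root
        os.makedirs(dest)
        extracted = extract_bytes(benign, dest)
        rejected = False
        try:
            extract_bytes(hostile, dest)
        except UnsafeArchiveMember:
            rejected = True
        return {
            "benign": extracted,
            "benign_written": os.path.exists(os.path.join(dest, "model", "MLmodel")),
            "rejected": rejected,
            "escaped_exists": os.path.exists(os.path.join(root, "escaped.txt")),
        }


if __name__ == "__main__":
    print(demo())
```

Validating the whole member list before the first write matters: a check that runs per member while extracting can still leave a partially written tree behind when a later entry is rejected. The `filter="data"` path is only used where the interpreter provides it, so the explicit checks above remain the primary control.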
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| mlflow (PyPI) | < 3.9.0rc0 | 3.9.0rc0 |
Affected products
- (no CPE) range: < 3.11.1
- (no CPE) range: < 3.9.0rc0
Patches
Vulnerability mechanics
References
- github.com/advisories/GHSA-fhff-qmm8-h2fp (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-15031 (GHSA, advisory)
- github.com/mlflow/mlflow/blob/fe4d9be330426904283401f1d2ed914238b6fc37/mlflow/pyfunc/dbconnect_artifact_cache.py (GHSA, web)
- github.com/mlflow/mlflow/commit/3bf6d81ac4d38654c8ff012dbd0c3e9f17e7e346 (GHSA, web)
- huntr.com/bounties/09856f77-f968-446f-a930-657d126efe4e (GHSA, web)
News mentions
No linked articles in our index yet.