Platform: python
Component: mlflow
Fixed in: 3.9.0rc0
CVE-2025-15031 describes an Arbitrary File Access vulnerability discovered in MLflow, a platform for managing the machine learning lifecycle. This vulnerability arises from improper handling of tar archive entries during the pyfunc extraction process, allowing attackers to write files outside the intended directory. Versions of MLflow prior to 3.9.0rc0 are affected, and upgrading is the recommended solution.
The core of this vulnerability lies in MLflow's pyfunc extraction functionality. When MLflow processes a tar.gz archive containing a pyfunc artifact, it uses tarfile.extractall without adequately validating the paths within the archive. A malicious actor can craft a specially designed tar.gz file containing entries with .. (parent directory) sequences or absolute paths. When extracted, these entries will overwrite files outside the intended extraction directory, potentially leading to arbitrary file overwrites. In multi-tenant environments, this could allow an attacker to compromise other users' artifacts or even gain remote code execution if they can overwrite critical system files. The potential blast radius is significant, particularly in deployments where untrusted artifacts are ingested.
This vulnerability was publicly disclosed on 2026-03-19. There is currently no indication of active exploitation campaigns targeting CVE-2025-15031. The vulnerability's severity is considered HIGH (CVSS:8.1), and while a public proof-of-concept is not yet available, the ease of crafting malicious tar.gz files suggests a moderate risk of exploitation. It is not currently listed on the CISA KEV catalog.
Organizations utilizing MLflow in multi-tenant environments or those that ingest machine learning artifacts from untrusted sources are at the highest risk. Specifically, teams relying on automated artifact pipelines without robust validation procedures are particularly vulnerable. Users who have not upgraded to MLflow 3.9.0rc0 or later are also at risk.
• python / mlflow: Inspect MLflow's pyfunc extraction code for missing path validation.

```python
import os
import tarfile

dest = os.path.realpath('extraction_dir')
with tarfile.open('malicious.tar.gz', 'r:gz') as tar:
    for member in tar.getmembers():
        # Path validation: reject entries that resolve outside dest
        target = os.path.realpath(os.path.join(dest, member.name))
        if os.path.commonpath([dest, target]) != dest:
            raise ValueError(f'unsafe path in archive: {member.name}')
    tar.extractall(dest)
```

• linux / server: Monitor file system activity for unexpected writes in MLflow's extraction directories using auditd.

```sh
# Search audit records that reference the extraction directory (needs an audit watch rule on it)
ausearch -f /path/to/mlflow/extraction_dir
```

• generic web: Monitor access logs for requests containing tar.gz archives with suspicious filenames or paths.
EPSS: 0.12% (30th percentile)
The primary mitigation for CVE-2025-15031 is to upgrade to MLflow version 3.9.0rc0 or later, which includes the necessary path validation fixes. If upgrading immediately is not feasible, consider implementing stricter artifact validation procedures before ingestion. This could involve scanning tar.gz files for malicious path entries before processing them. Additionally, restrict the permissions of the MLflow user to minimize the impact of a successful file overwrite. Implement a Web Application Firewall (WAF) rule to block requests containing suspicious tar.gz files. After upgrading, verify the fix by attempting to extract a crafted tar.gz archive containing malicious path entries and confirming that the extraction fails with an appropriate error.
Update MLflow to the latest available version. This fixes the path traversal vulnerability when extracting tar.gz files, preventing arbitrary file writes and possible remote code execution.
CVE-2025-15031 is a HIGH severity vulnerability in MLflow versions ≤3.8.1 that allows attackers to overwrite files due to improper path validation during tar archive extraction, potentially leading to remote code execution.
You are affected if you are using MLflow versions 3.8.1 or earlier. Upgrade to 3.9.0rc0 or later to mitigate the risk.
The recommended fix is to upgrade to MLflow version 3.9.0rc0 or later. Implement stricter artifact validation procedures as an interim measure.
Currently, there is no public proof-of-concept and no confirmed exploitation campaign associated with CVE-2025-15031, but the HIGH severity warrants immediate attention.
Refer to the MLflow security advisories page for the latest information and updates regarding CVE-2025-15031: [https://mlflow.org/security/advisories](https://mlflow.org/security/advisories)