Plattform
python
Komponente
mlflow
Behoben in
3.9.0
3.9.0rc0
CVE-2025-15036 represents a critical path traversal vulnerability discovered within the MLflow machine learning platform. This flaw allows attackers to manipulate file paths during archive extraction, potentially leading to arbitrary file overwrites and privilege escalation, particularly in multi-tenant or shared cluster environments. The vulnerability affects versions of MLflow up to 3.8.1 and has been resolved in version 3.9.0rc0.
The core of the vulnerability lies in the extractarchiveto_dir function, which lacks proper validation of tar member paths. An attacker can craft a malicious tar.gz archive containing paths designed to overwrite critical system files or configuration data outside the intended extraction directory. This could lead to complete system compromise, data exfiltration, or denial of service. In multi-tenant environments, the attacker could potentially pivot to other user accounts or containers, significantly expanding the blast radius. The ability to overwrite arbitrary files makes this a high-impact vulnerability, as it bypasses typical sandbox protections.
CVE-2025-15036 is currently not listed on KEV or EPSS. The CVSS score of 9.6 indicates a critical severity. Public proof-of-concept (POC) exploits are not yet publicly available, but the vulnerability's nature makes it likely that such exploits will emerge. The vulnerability was published on 2026-03-30.
Organizations using MLflow in multi-tenant or shared cluster environments are particularly at risk. This includes data science teams deploying machine learning models in cloud-based platforms or containerized environments. Legacy MLflow deployments using older versions are also vulnerable.
• python / mlflow:
import os
import tarfile
def check_mlflow_vulnerability(archive_path):
try:
with tarfile.open(archive_path, 'r') as tar:
for member in tar.getmembers():
if '..' in member.name:
print(f"Potential path traversal detected in member: {member.name}")
return True
return False
except Exception as e:
print(f"Error processing archive: {e}")
return False
# Example usage
archive_path = 'path/to/your/archive.tar.gz'
if check_mlflow_vulnerability(archive_path):
print("Vulnerability potentially present.")
else:
print("No immediate path traversal vulnerability detected.")• generic web: Check for unusual file creations or modifications in the MLflow artifact store directory. Monitor system logs for errors related to file access or extraction.
disclosure
Exploit-Status
EPSS
0.05% (17% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-15036 is to upgrade to MLflow version 3.9.0rc0 or later, which includes the necessary path validation fixes. If upgrading immediately is not feasible, consider implementing stricter file system permissions to limit the impact of potential overwrites. Implement a Web Application Firewall (WAF) with rules to block suspicious file paths or archive uploads. Carefully scrutinize any tar.gz files before extraction, especially if their source is untrusted. After upgrading, confirm the fix by attempting to extract a known malicious archive and verifying that the extraction is denied due to path validation.
Actualice la biblioteca mlflow a la versión 3.9.0 o superior. Esto corrige la vulnerabilidad de path traversal en la función `extract_archive_to_dir` al validar correctamente las rutas de los miembros del archivo tar durante la extracción. La actualización previene la sobrescritura de archivos arbitrarios y la posible escalada de privilegios.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-15036 is a critical path traversal vulnerability in MLflow versions up to 3.8.1, allowing attackers to overwrite files and potentially gain elevated privileges.
You are affected if you are using MLflow versions 3.8.1 or earlier. Upgrade to 3.9.0rc0 or later to mitigate the risk.
Upgrade MLflow to version 3.9.0rc0 or later. As a temporary workaround, restrict archive extraction directories and validate archive contents.
While no public exploits are currently known, the vulnerability's criticality suggests a high likelihood of exploitation if left unpatched.
Refer to the MLflow security advisories and release notes on the MLflow GitHub repository for the latest information.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine requirements.txt-Datei hoch und wir sagen dir sofort, ob du betroffen bist.