Platform
python
Component
mlflow
Fixed in
3.8.2
3.9.0rc0
CVE-2025-15379 represents a critical command injection vulnerability within MLflow's model serving container initialization process. This flaw allows an attacker to inject arbitrary commands during model deployment, potentially leading to complete system compromise. The vulnerability affects versions of MLflow 3.8.0 and prior and has been resolved in version 3.8.1.
The vulnerability stems from MLflow's reliance on the python_env.yaml file within the model artifact to specify dependencies. When deploying a model with env_manager=LOCAL, MLflow interpolates the contents of this file directly into a shell command without proper sanitization. An attacker can craft a malicious python_env.yaml file containing shell commands that are executed with the privileges of the MLflow deployment process. This could allow the attacker to install malware, steal sensitive data, or gain persistent access to the system. The impact is particularly severe because it is triggered during model deployment, a common and often automated process.
CVE-2025-15379 is currently not listed on KEV or EPSS. The CVSS score of 10 indicates critical severity. No public proof-of-concept (PoC) exploit is available yet, but the nature of the vulnerability makes it likely that one will emerge. The vulnerability was published on 2026-03-30.
Organizations heavily reliant on MLflow for model deployment, particularly those using the LOCAL environment manager, are at significant risk. This includes data science teams, machine learning engineers, and DevOps professionals responsible for deploying ML models in production environments. Shared hosting environments where multiple users can upload model artifacts are also particularly vulnerable.
• python / mlflow:

```python
def check_python_env_yaml(yaml_file):
    # Crude heuristic: flag any python_env.yaml containing '!' so it can be
    # reviewed by hand before the model is deployed.
    try:
        with open(yaml_file, 'r') as f:
            yaml_content = f.read()
        if '!' in yaml_content:
            print(f"Potential command injection detected in {yaml_file}")
    except FileNotFoundError:
        print(f"File not found: {yaml_file}")

# Example usage
check_python_env_yaml('path/to/python_env.yaml')
```

• linux / server:

```shell
find /opt/mlflow/models -name 'python_env.yaml' -print0 | xargs -0 grep -l '!'
```
Exploit status
EPSS
0.24% (47th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-15379 is to upgrade to MLflow version 3.8.1 or later. As an interim measure, carefully review the contents of any model artifact before deployment, paying close attention to the python_env.yaml file. Consider running deployments under a container runtime with hardening features such as seccomp profiles or AppArmor to limit the impact of a successful command injection. Implement a Web Application Firewall (WAF) to filter out suspicious commands in the python_env.yaml file. After upgrading, confirm the fix by deploying a model with a known malicious python_env.yaml and verifying that the command injection is prevented.
Upgrade MLflow to version 3.8.2 or later. This fixes the command injection vulnerability in model serving container initialization. The upgrade prevents the execution of arbitrary commands when deploying models with `env_manager=LOCAL`.
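The interim review step above can be automated. The following is an added example, not code from this page or from the MLflow project: a pre-deployment gate that parses the flat python_env.yaml layout MLflow writes into a model artifact (assumed keys: `python`, `build_dependencies`, `dependencies`) and accepts an entry only if it looks like a plain pip requirement or a `-r <file>.txt` line. Anything that does not fit the allowlist, including shell metacharacters appended to an otherwise valid package specifier, is reported so the artifact can be rejected before any shell command is built from it. The function names and both sample files are constructed for this example.

```python
import re

# Constructed sample: a well-formed python_env.yaml in the flat layout MLflow
# writes into a model artifact (assumed keys: python, build_dependencies,
# dependencies).
BENIGN_ENV = """\
python: 3.10.12
build_dependencies:
- pip==23.3.1
- setuptools==68.2.2
- wheel==0.41.2
dependencies:
- -r requirements.txt
"""

# Constructed sample: the same layout with one dependency entry carrying shell
# metacharacters. A harmless echo stands in for anything else; the point is
# that nothing of that shape belongs in a package specifier.
TAMPERED_ENV = """\
python: 3.10.12
build_dependencies:
- pip==23.3.1
dependencies:
- numpy==1.26.4 $(echo injected)
- requests==2.31.0
"""

# Allowlist patterns. An entry is accepted only if it is a PEP 508-style
# requirement (name, optional [extras], optional comma-separated version spec)
# or a pip "-r <file>.txt" line naming a plain file. Environment markers, URLs
# and anything else are rejected on purpose; widen deliberately if needed.
_VERSION = r"[A-Za-z0-9.*+!_-]+"
_OP = r"(?:===|==|!=|<=|>=|~=|<|>)"
_REQ_RE = re.compile(
    r"^[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?"   # distribution name
    r"(?:\[[A-Za-z0-9._,-]+\])?"                     # optional [extras]
    rf"(?:\s*{_OP}\s*{_VERSION}(?:\s*,\s*{_OP}\s*{_VERSION})*)?$"
)
_REQ_FILE_RE = re.compile(r"^-r\s+[A-Za-z0-9._-]+\.txt$")
_PY_VERSION_RE = re.compile(r"^\d+(?:\.\d+){0,2}$")


def parse_python_env(text):
    """Parse the flat key/list layout of python_env.yaml without a YAML library.

    Only top-level ``key: value`` lines and ``- item`` list entries are
    understood, which is all this file uses; anything else raises ValueError
    so a malformed or unusually nested file is never silently accepted.
    """
    env = {}
    current_list = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("- "):
            if current_list is None:
                raise ValueError(f"list item outside a list: {raw!r}")
            env[current_list].append(line[2:].strip())
        elif ":" in line and not raw.startswith((" ", "\t")):
            key, _, value = line.partition(":")
            key, value = key.strip(), value.strip()
            if value:
                env[key] = value
                current_list = None
            else:
                env[key] = []
                current_list = key
        else:
            raise ValueError(f"unexpected line: {raw!r}")
    return env


def find_suspicious_entries(env):
    """Return (key, value) pairs that fail the allowlist; empty means clean."""
    findings = []
    python_version = env.get("python")
    if python_version is not None and not _PY_VERSION_RE.match(python_version):
        findings.append(("python", python_version))
    for key in ("build_dependencies", "dependencies"):
        items = env.get(key, [])
        if not isinstance(items, list):
            findings.append((key, items))  # scalar where a list is expected
            continue
        for item in items:
            if not (_REQ_FILE_RE.match(item) or _REQ_RE.match(item)):
                findings.append((key, item))
    return findings


def is_safe_to_deploy(text):
    """True only if the file parses and every entry passes the allowlist."""
    try:
        env = parse_python_env(text)
    except ValueError:
        return False
    return not find_suspicious_entries(env)


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_ENV), ("tampered", TAMPERED_ENV)):
        findings = find_suspicious_entries(parse_python_env(sample))
        print(f"{label}: {'clean' if not findings else findings}")
```

The design choice is an allowlist rather than a blocklist of characters such as `!`, `;` or `$`: a blocklist has to anticipate every quoting trick the shell understands, while an allowlist only has to describe the small set of strings a dependency list legitimately contains. Run the gate on the artifact in the registry or CI job before `mlflow models serve` with `env_manager=LOCAL` is ever invoked, and treat a `False` as a hard stop, not a warning.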
CVE-2025-15379 is a critical command injection vulnerability in MLflow versions up to 3.8.0rc0. It allows attackers to execute arbitrary commands during model deployment by crafting malicious model artifacts.
You are affected if you are using MLflow versions 3.8.0 or earlier and deploying models using the LOCAL environment manager. Upgrade to 3.8.1 to mitigate the risk.
The recommended fix is to upgrade MLflow to version 3.8.1 or later. As a temporary workaround, implement WAF rules or restrict deployment of models from untrusted sources.
While no widespread exploitation has been confirmed, the vulnerability's ease of exploitation makes it a high-priority concern. Active exploitation is possible.
Refer to the MLflow security advisory for detailed information and updates: [https://mlflow.org/docs/security](https://mlflow.org/docs/security)