MLflow is an open-source platform designed to manage the entire machine learning lifecycle. It provides tools for experiment tracking, reproducible runs, and model deployment. MLflow is versatile and can be used with any machine learning library, programming language, or deployment tool.

What are the risks associated with CVE-2025-15379?

CVE-2025-15379 is a command injection vulnerability in MLflow that allows an attacker to execute arbitrary commands on the system. This can lead to complete system compromise, data breaches, and other malicious activities if a malicious model artifact is deployed.

How do I upgrade MLflow to the latest version?

You can upgrade MLflow to the latest version using the pip package manager. Simply run the command `pip install --upgrade mlflow` in your terminal. This will download and install the newest version of MLflow, including the necessary security patches.

What versions of MLflow are affected by these vulnerabilities?

CVE-2025-15381 affects versions <= 3.8.1, CVE-2025-15036 affects versions <= 3.8.1, and CVE-2025-15379 affects versions <= 3.8.0rc0. It is crucial to upgrade to the fixed versions (3.9.0rc0 for CVE-2025-15036 and 3.8.1 for CVE-2025-15379) or later to mitigate these risks.

Multiple Vulnerabilities Patched in MLflow

Multiple critical vulnerabilities have been discovered in MLflow, including command injection, path traversal, and unauthorized access to tracing data. These vulnerabilities could allow for arbitrary command execution, file overwrites, and data exposure. Users are advised to upgrade to the latest version of MLflow to mitigate these risks.

These vulnerabilities range from high to critical, potentially leading to significant data breaches and system compromise.

What is Mlflow?

Mlflow is an open-source platform for managing the end-to-end machine learning lifecycle. It provides tools for tracking experiments, packaging code into reproducible runs, and deploying models. Mlflow is designed to work with any machine learning library, language, or deployment tool. To learn more, you can search all mlflow CVEs.

CVE-2025-15381: MLFlow allows Tracing + Assessments Access

CVSS8.1

Affected versionsThis vulnerability affects MLflow versions 3.8.1 and earlier when the `basic-auth` app is enabled (`mlflow server --app-name=basic-auth`). Any authenticated user, even those with `NO_PERMISSIONS` on the experiment, can exploit this.

High severity, potentially leading to data exposure and integrity issues.

EPSS score of 0.011 indicates a low probability of exploitation.

MLflow's basic-auth app lacks permission validation for tracing and assessment endpoints. This allows authenticated users with limited permissions to access trace information and create assessments, potentially exposing sensitive metadata and compromising data integrity.

How to fix CVE-2025-15381 in Mlflow

Patch within 24h

1.Upgrade MLflow to the latest version.

Upgrade MLflow

pip install --upgrade mlflow

Verify with:

verify

mlflow --version

Workaround: Disable the `basic-auth` app if possible, or restrict access to the MLflow server.

NextGuard automatically flags CVE-2025-15381 if Mlflow appears in any of your monitored projects — no manual lookup required.

CVE-2025-15036: MLFlow path traversal vulnerability

CVSS9.6

Affected versionsThis vulnerability affects MLflow versions prior to v3.7.0 and up to 3.8.1. Multi-tenant or shared cluster environments are particularly at risk.

Critical severity, allowing for arbitrary file overwrite and privilege escalation.

EPSS score of 0.05 suggests a moderate probability of exploitation.

A path traversal vulnerability exists in MLflow's `extract_archive_to_dir` function due to insufficient validation of tar member paths. An attacker controlling the tar.gz file can overwrite arbitrary files or escalate privileges, potentially escaping the sandbox in shared environments.

How to fix CVE-2025-15036 in Mlflow

Patch immediately

1.Upgrade MLflow to version 3.9.0rc0 or later.

Upgrade MLflow

pip install --upgrade mlflow

Verify with:

verify

mlflow --version

Workaround: Avoid extracting untrusted tar.gz files using the `extract_archive_to_dir` function.

NextGuard automatically flags CVE-2025-15036 if Mlflow appears in any of your monitored projects — no manual lookup required.

CVE-2025-15379: MLflow Command Injection vulnerability

CVSS10.0

Affected versionsThis vulnerability affects MLflow versions 3.8.0 and 3.8.0rc0 when deploying a model with `env_manager=LOCAL`. Systems deploying models from untrusted sources are particularly vulnerable.

Critical severity, allowing for arbitrary command execution.

EPSS score of 0.168 indicates a high probability of exploitation.

MLflow's model serving container initialization code is vulnerable to command injection. By supplying a malicious model artifact with crafted dependency specifications in `python_env.yaml`, an attacker can achieve arbitrary command execution on systems deploying the model.

How to fix CVE-2025-15379 in Mlflow

Patch immediately

1.Upgrade MLflow to version 3.8.1 or later.

Upgrade MLflow

pip install --upgrade mlflow

Verify with:

verify

mlflow --version

Workaround: Avoid deploying models with `env_manager=LOCAL` from untrusted sources. Sanitize dependency specifications in `python_env.yaml`.

NextGuard automatically flags CVE-2025-15379 if Mlflow appears in any of your monitored projects — no manual lookup required.

Stay ahead of python vulnerabilities

Proactively detect and remediate python vulnerabilities in your projects. Use NextGuard to monitor your python dependencies.

Compare Plans

Frequently asked questions

Multiple critical vulnerabilities were discovered in MLflow. Ensure you upgrade to the latest versions to mitigate potential risks and maintain the security of your machine learning workflows. You can see all python vulnerabilities on our platform.