Platform
python
Component
mlflow
Fixed in
3.9.0
3.9.0rc0
CVE-2025-15036 describes a critical path traversal vulnerability discovered in MLflow, a platform for managing the machine learning lifecycle. This flaw allows attackers with control over a tar.gz archive to overwrite arbitrary files on the system, potentially leading to privilege escalation or data breaches. The vulnerability affects versions of MLflow prior to v3.7.0, and a fix is available in version 3.9.0rc0.
The path traversal vulnerability in MLflow's extractarchiveto_dir function poses a significant security risk. An attacker can craft a malicious tar.gz archive containing specially designed file paths. When MLflow attempts to extract this archive, the attacker can manipulate the extraction process to write files outside of the intended sandbox directory. This can lead to overwriting critical system files, injecting malicious code, or gaining unauthorized access to sensitive data. In multi-tenant or shared cluster environments, this vulnerability could allow an attacker to compromise other users' workloads or the entire system. The ability to overwrite arbitrary files effectively grants the attacker a high degree of control over the affected system.
CVE-2025-15036 was published on 2026-03-30. The vulnerability's criticality (CVSS 9.6) indicates a high probability of exploitation if left unpatched. As of this writing, there are no publicly known proof-of-concept exploits, but the ease of crafting a malicious tar.gz archive suggests that exploitation is likely. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.05% (17% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-15036 is to upgrade MLflow to version 3.9.0rc0 or later, which includes a fix for the path traversal vulnerability. If upgrading immediately is not feasible, consider implementing temporary workarounds. One approach is to restrict the directories where MLflow can extract archives, limiting the potential impact of a successful exploit. Additionally, carefully validate the contents of any tar.gz archives before processing them within MLflow. Implement strict access controls to the MLflow artifact store to prevent unauthorized file modifications. After upgrading, verify the fix by attempting to extract a malicious tar.gz archive designed to exploit the path traversal vulnerability and confirm that the extraction fails with an appropriate error.
Update the mlflow library to version 3.9.0 or higher. This corrects the path traversal vulnerability in the `extract_archive_to_dir` function by properly validating tar member paths during extraction. The update prevents arbitrary file overwrites and potential privilege escalation.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-15036 is a critical path traversal vulnerability in MLflow versions up to 3.8.1, allowing attackers to overwrite files and potentially gain elevated privileges.
You are affected if you are using MLflow versions 3.8.1 or earlier. Upgrade to 3.9.0rc0 or later to mitigate the risk.
Upgrade MLflow to version 3.9.0rc0 or later. As a temporary workaround, restrict archive extraction directories and validate archive contents.
While no public exploits are currently known, the vulnerability's criticality suggests a high likelihood of exploitation if left unpatched.
Refer to the MLflow security advisories and release notes on the MLflow GitHub repository for the latest information.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.