Platform
python
Component
mlflow
Fixed in
3.8.2
CVE-2025-15381 describes a missing-authorization flaw (reported as an authentication bypass) in mlflow. When the basic-auth app is enabled, the tracing and assessment endpoints are not wired into its permission validators, so any authenticated user can read trace information and create assessments on experiments they hold no permission for. The impact is to confidentiality and integrity. mlflow versions before 3.8.2 are affected; 3.8.2 contains the fix.
CVE-2025-15381 in mlflow/mlflow affects deployments that run the tracking server with the basic-auth app and use the tracing and assessment endpoints. Those endpoints are not protected by the app's permission validators, so any authenticated user, including one assigned NO_PERMISSIONS on the experiment, can read trace information and create assessments for traces in that experiment. Confidentiality is compromised through exposure of trace data, and integrity through unauthorized assessments, which can skew any evaluation that relies on them. The CVSS base score is 8.1 (high).
An attacker who can authenticate to the tracking server but holds only NO_PERMISSIONS on an experiment can retrieve its traces, which expose whatever the traced application recorded: request and response payloads, intermediate span inputs and outputs, tags and metadata. The attacker can also attach false assessments (scores or labels) to those traces and so influence evaluations and decisions built on them. The underlying weakness is that the basic-auth app only protects routes that are explicitly registered with its permission validators; an endpoint added without a validator is effectively unprotected, so new APIs must be covered when they are introduced.
Exploit Status
EPSS
0.01% (1% percentile)
Upgrade to mlflow 3.8.2 or later, where the tracing and assessment endpoints are covered by the basic-auth permission checks. Do not disable the basic-auth app as a workaround: it is the tracking server's only built-in authentication and authorization layer, and removing it exposes every endpoint, not just these, to anonymous access. If you cannot upgrade immediately, enforce the experiment permission check yourself in front of the affected routes (for example in a reverse proxy or a WSGI middleware that resolves the target experiment and fails closed), restrict the set of users who can authenticate to the server at all, and review request logs for trace and assessment calls from accounts that should have no access to the experiments involved.
Update mlflow to version 3.8.2 or later (the version listed under "Fixed in" above). Releases from 3.8.2 onward apply permission validation to the tracing and assessment endpoints when the `basic-auth` application is enabled.
In mlflow, the tracing endpoints store and return traces: the recorded execution of a model or application call, including the inputs, outputs and timing of each span, logged against an experiment. The assessment endpoints attach feedback or expectations (for example scores, labels or human judgements) to an existing trace; they evaluate traces rather than compare runs.
NO_PERMISSIONS is one of the explicit permission levels in mlflow's basic-auth app, alongside READ, EDIT and MANAGE. A user assigned it on an experiment is denied read, update, delete and manage operations on that experiment; it is an explicit deny, not merely the absence of a grant, which is why the unchecked trace and assessment endpoints are a genuine bypass.
The basic-auth app is enabled by starting the tracking server with `mlflow server --app-name basic-auth`; omitting that flag disables it. Do not do this as a mitigation for CVE-2025-15381: without the app the server performs no authentication or permission checks at all, so every endpoint becomes reachable anonymously. Keep the app enabled and upgrade instead.
Until you upgrade, you can enforce the check yourself with middleware in front of the mlflow WSGI app (or in a reverse proxy): identify the requesting user, resolve the experiment the trace belongs to, look up that user's permission on it, and reject the request unless the level permits the operation (READ or higher for reading traces, EDIT or higher for creating assessments). Fail closed whenever the experiment cannot be resolved.
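The stop-gap check described in the mitigation section and in the answer above, as an added example that is not mlflow's own code: a WSGI middleware that sits in front of the tracking server, reads the Basic-auth username, resolves the experiment, and refuses gated trace and assessment requests unless the user's permission level allows the operation. The route patterns (`GATED_ROUTES`), the experiment resolver (`demo_resolve`), the permission table (`DEMO_PERMISSIONS`) and every user name are hypothetical placeholders constructed for the example; adapt them to the paths and permission store of your deployment.

```python
"""Stop-gap WSGI gate for mlflow tracing/assessment routes (added example, not mlflow code).

ASSUMPTIONS (hypothetical, adjust per deployment): the route patterns, the
experiment resolver and the permission lookup below are placeholders.
The downstream mlflow basic-auth app still verifies the password; this gate
only reads the claimed identity and adds the missing experiment-level check.
"""
import base64
import re
from typing import Callable, Optional

# mlflow basic-auth permission levels: READ, EDIT, MANAGE, NO_PERMISSIONS.
CAN_READ = frozenset({"READ", "EDIT", "MANAGE"})
CAN_UPDATE = frozenset({"EDIT", "MANAGE"})

# ASSUMPTION: path patterns for the trace and assessment REST routes.
# Verify them against the mlflow version you run before relying on this.
GATED_ROUTES = (
    re.compile(r"^/api/\d+\.\d+/mlflow/traces(?:/|$)"),
    re.compile(r"^/ajax-api/\d+\.\d+/mlflow/traces(?:/|$)"),
)

PermissionLookup = Callable[[str, str], str]          # (user, experiment_id) -> level
ExperimentResolver = Callable[[dict], Optional[str]]  # WSGI environ -> experiment_id


def basic_auth_user(environ: dict) -> Optional[str]:
    """Extract the username from an HTTP Basic Authorization header, or None."""
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:  # binascii.Error (invalid base64) is a ValueError subclass
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, _password = decoded.partition(":")
    return user if sep else None


def is_gated(path: str) -> bool:
    return any(pattern.match(path) for pattern in GATED_ROUTES)


def decide(method: str, path: str, user: Optional[str],
           experiment_id: Optional[str], lookup: PermissionLookup) -> tuple:
    """Return (allowed, reason). Fails closed whenever the experiment is unknown."""
    if not is_gated(path):
        return True, "route not gated"
    if user is None:
        return False, "missing or malformed Basic credentials"
    if experiment_id is None:
        return False, "experiment could not be resolved"
    level = lookup(user, experiment_id)
    needed = CAN_READ if method in ("GET", "HEAD") else CAN_UPDATE
    if level in needed:
        return True, f"{level} permits {method}"
    return False, f"{level} does not permit {method}"


class TraceAccessGate:
    """WSGI middleware: enforce experiment permissions on gated routes, then pass through."""

    def __init__(self, app, lookup: PermissionLookup, resolve: ExperimentResolver):
        self.app, self.lookup, self.resolve = app, lookup, resolve

    def __call__(self, environ, start_response):
        allowed, reason = decide(
            environ.get("REQUEST_METHOD", "GET"), environ.get("PATH_INFO", ""),
            basic_auth_user(environ), self.resolve(environ), self.lookup,
        )
        if not allowed:
            body = f'{{"error": "forbidden", "reason": "{reason}"}}'.encode()
            start_response("403 Forbidden", [("Content-Type", "application/json"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)


# --- constructed demo data (hypothetical users, experiment ids, traces) -------
DEMO_PERMISSIONS = {("alice", "7"): "READ", ("mallory", "7"): "NO_PERMISSIONS"}


def demo_lookup(user: str, experiment_id: str) -> str:
    return DEMO_PERMISSIONS.get((user, experiment_id), "NO_PERMISSIONS")


def demo_resolve(environ: dict) -> Optional[str]:
    # ASSUMPTION: for the demo the experiment id travels in the query string;
    # a real resolver would look the trace's experiment up in the tracking store.
    match = re.search(r"(?:^|&)experiment_id=([^&]+)", environ.get("QUERY_STRING", ""))
    return match.group(1) if match else None


def demo_upstream(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"upstream reached"]


def run(user: str, password: str, method: str, path: str, query: str) -> str:
    """Drive the gate with a synthetic request and return the HTTP status line."""
    creds = base64.b64encode(f"{user}:{password}".encode()).decode()
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "QUERY_STRING": query,
               "HTTP_AUTHORIZATION": f"Basic {creds}"}
    status = {}
    gate = TraceAccessGate(demo_upstream, demo_lookup, demo_resolve)
    list(gate(environ, lambda s, h: status.setdefault("line", s)))
    return status["line"]


if __name__ == "__main__":
    print(run("alice", "pw", "GET", "/api/2.0/mlflow/traces/tr-1", "experiment_id=7"))
    print(run("mallory", "pw", "GET", "/api/2.0/mlflow/traces/tr-1", "experiment_id=7"))
    print(run("alice", "pw", "POST", "/api/2.0/mlflow/traces/tr-1/assessments", "experiment_id=7"))
```

Wrap whatever WSGI application mlflow hands to gunicorn in `TraceAccessGate` (how you obtain that object depends on your mlflow version and `--app-name`), and keep the basic-auth app enabled behind it so passwords are still verified. The gate deliberately fails closed: a request for a trace whose experiment cannot be resolved is refused rather than passed through, which is the safer default while the upstream endpoints lack their own check.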
You can find more information about this vulnerability in the corresponding CVE entry: CVE-2025-15381.