CVE-2025-15036 MLflow 路径遍历漏洞：文件覆盖

MLflow 中的 CVE-2025-15036 代表了一个关键的路径遍历漏洞。它影响了 3.7.0 之前的版本，并且源于在提取过程中对 tar.gz 成员路径的验证不足。具有控制恶意 tar.gz 文件内容的攻击者可以利用这种弱点来覆盖系统上的任意文件，从而可能获得提升的权限或逃离多租户环境中的沙箱环境。CVSS 分数为 9.6，表明风险极高。缺乏验证允许攻击者操纵提取路径以访问预期目标目录之外的目录，从而损害数据完整性和保密性。

Organizations using MLflow in multi-tenant or shared cluster environments are particularly at risk. This includes data science teams deploying machine learning models in cloud-based platforms or containerized environments. Legacy MLflow deployments using older versions are also vulnerable.

• python / mlflow:

import os
import tarfile

def check_mlflow_vulnerability(archive_path):
    try:
        with tarfile.open(archive_path, 'r') as tar:
            for member in tar.getmembers():
                if '..' in member.name:
                    print(f"Potential path traversal detected in member: {member.name}")
                    return True
        return False
    except Exception as e:
        print(f"Error processing archive: {e}")
        return False

# Example usage
archive_path = 'path/to/your/archive.tar.gz'
if check_mlflow_vulnerability(archive_path):
    print("Vulnerability potentially present.")
else:
    print("No immediate path traversal vulnerability detected.")

• generic web: Check for unusual file creations or modifications in the MLflow artifact store directory. Monitor system logs for errors related to file access or extraction.

1. 2026-03-30Disclosure

   disclosure

1. 已保留2025-12-23
2. 发布日期2026-03-30
3. 修改日期2026-04-01
4. EPSS 更新日期2026-04-06

推荐的解决方案是将 MLflow 升级到 3.7.0 或更高版本。此版本通过在提取过程中实现对 tar.gz 文件路径的强大验证来修复漏洞，从而防止路径遍历。此外，建议审查和加强与工件管理和用户输入验证相关的安全策略。在多租户环境中，实施额外的隔离措施对于减轻成功利用的潜在影响至关重要。监控系统日志以查找可疑活动也是一种推荐的做法，用于检测和响应潜在攻击。