1231 matches found

OSV
added 2025/09/25 8:47 a.m., 4 views

BIT-MLFLOW-2025-52967

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...

CVSS 5.8, AI score 7, EPSS 0.0037
Exploits: 0, References: 4

vulnersOsv
added 2025/09/03 9:0 p.m., 5 views

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +685 more potentially affected by CVE-2025-10279 via mlflow (>=3.0.0rc2 <=3.4.0)

mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: CVE-2025-10279 Source advisory: SNYK:PYTHON-MLFLOW-15170849...

CVSS 7, AI score 7.1, EPSS 0.00215
Exploits: 1

Snyk
added 2025/09/03 9:0 p.m., 2 views

Creation of Temporary File With Insecure Permissions

Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions in the...

CVSS 7.3, AI score 7.4, EPSS 0.00215
Exploits: 1, References: 2

vulnersOsv
added 2025/09/03 9:0 p.m., 2 views

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +739 more potentially affected by CVE-2025-10279 via mlflow-skinny (>=3.0.0 <=3.4.0)

mlflow-skinny PYPI version =3.0.0, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: CVE-2025-10279 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16755466...

CVSS 7, AI score 7.1, EPSS 0.00215
Exploits: 1

Snyk
added 2025/09/03 9:0 p.m., 3 views

Creation of Temporary File With Insecure Permissions

Overview: Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions in the getorcreatetmpdir function in fileutils.py. This enables an attacker who can write to /tmp to cause the execution of arbitrary .py files during environment setup. Remediation...

CVSS 7.3, AI score 7.3, EPSS 0.00215
Exploits: 1, References: 2

GithubExploit
added 2025/08/22 12:54 p.m., 339 views

Exploit for Deserialization of Untrusted Data in Lfprojects Mlflow

CVSS 8.8, AI score 8.6, EPSS 0.00697
Exploits: 5

Huntr
added 2025/08/21 9:10 p.m., 3 views

Authorization Bypass in MLflow Basic Auth (unprotected Flask/GraphQL routes)

This report is not public...

AI score 6.9
Exploits: 0

vulnersOsv
added 2025/08/07 4:42 p.m., 1 view

aioradio (=0.20.24), aisquared (>=0.2.2.dev0 <=0.2.2.dev9) +20 more potentially affected by CVE-2025-54886 via skops (>=0.10.0 <=0.11.0)

skops PYPI version =0.10.0, =0.2.2.dev0, =23.10.1, =23.8.0, =0.5.1, =1.2.15, =1.5.0, =0.4.0, =0.1.0, =1.5.0, =1.6.1 - prompt-protect =0.1.0 and more Source cves: CVE-2025-54886 Source advisory: OSV:GHSA-378X-6P4F-8JGM...

CVSS 8.4, AI score 5.8, EPSS 0.00197
Exploits: 0

vulnersOsv
added 2025/08/07 4:42 p.m., 3 views

aioradio (=0.20.24), aisquared (>=0.2.2.dev0 <=0.2.2.dev9) +20 more potentially affected by CVE-2025-54886 via skops (>=0.10.0 <=0.11.0)

skops PYPI version =0.10.0, =0.2.2.dev0, =23.10.1, =23.8.0, =0.5.1, =1.2.15, =1.5.0, =0.4.0, =0.1.0, =1.5.0, =1.6.1 - prompt-protect =0.1.0 and more Source cves: CVE-2025-54886 Source advisory: SNYK:PYTHON-SKOPS-11509790...

CVSS 8.4, AI score 5.8, EPSS 0.00197
Exploits: 0

OSV
added 2025/08/06 5:45 a.m., 3 views

BIT-MLFLOW-2025-1473 CSRF in mlflow/mlflow

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user...

CVSS 7.1, AI score 5.2, EPSS 0.00195
Exploits: 1, References: 3

OSV
added 2025/08/06 5:45 a.m., 3 views

BIT-MLFLOW-2024-8859 Path Traversal in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...

CVSS 7.5, AI score 7.3, EPSS 0.02407
Exploits: 1, References: 3

Veracode
added 2025/06/25 6:29 a.m., 4 views

Server Side Request Forgery (SSRF)

mlflow is vulnerable to missing input validation. The vulnerability is due to missing validation of the gateway_path parameter in the gateway_proxy_handler function, allowing an attacker to manipulate the request path to access unintended internal endpoints or services...

CVSS 5.8, AI score 7, EPSS 0.0037
Exploits: 0, References: 7, Affected Software: 1

Huntr
added 2025/06/25 6:25 a.m., 6 views

SSRF in MLflow via user-controlled gateway_path parameter

Description: A Server-Side Request Forgery (SSRF) vulnerability exists in the gateway_proxy_handler function of MLflow. This function accepts a user-controlled gateway_path parameter and concatenates it directly with a targeturi, allowing an attacker to control the full outbound HTTP request path from...

CVSS 5.8, AI score 7.1, EPSS 0.0037
Exploits: 0

RedhatCVE
added 2025/06/25 12:53 a.m., 5 views

CVE-2025-52967

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...

CVSS 5.8, AI score 7.2, EPSS 0.0037
Exploits: 0, References: 1

Snyk
added 2025/06/23 3:40 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via insufficient validation of th...

CVSS 6.9, AI score 7.2, EPSS 0.0037
Exploits: 0, References: 2

vulnersOsv
added 2025/06/23 3:31 p.m., 1 view

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +665 more potentially affected by CVE-2025-52967 via mlflow (>=3.0.0rc2 <=3.13.0rc0)

mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: CVE-2025-52967 Source advisory: OSV:GHSA-WXJ7-3FX5-PP9M...

CVSS 5.8, AI score 7.2, EPSS 0.0037
Exploits: 0

vulnersOsv
added 2025/06/23 3:31 p.m., 3 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +218 more potentially affected by CVE-2025-52967 via mlflow (>=0.8.2 <=2.22.0)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.0, =0.1.9, =0.0.1, =1.0.4, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.2.17rc1 and more Source cves: CVE-2025-52967 Source advisory: OSV:GHSA-WXJ7-3FX5-PP9M...

CVSS 5.8, AI score 7.2, EPSS 0.0037
Exploits: 0

Github Security Blog
added 2025/06/23 3:31 p.m., 7 views

MLFlow SSRF via gateway_proxy_handler

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...

CVSS 5.8, AI score 5.6, EPSS 0.0037
Exploits: 0, References: 7, Affected Software: 1

OSV
added 2025/06/23 3:31 p.m., 3 views

GHSA-WXJ7-3FX5-PP9M MLFlow SSRF via gateway_proxy_handler

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...

CVSS 5.8, AI score 7.1, EPSS 0.0037
Exploits: 0, References: 7

PyPA
added 2025/06/23 3:15 p.m., 8 views

PYSEC-2025-52

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...

CVSS 5.8, AI score 7, EPSS 0.0037
Exploits: 0, References: 4, Affected Software: 1