
1233 matches found

Vulnrichment
added 2026/03/18 10:06 p.m. | 1 view

CVE-2025-15031 Path Traversal Vulnerability in mlflow/mlflow

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of tarfile.extractall without path validation enables crafted tar.gz files containing .. or absolute paths to escape the intended extractio...

CVSS 8.1 | AI score 6.3 | EPSS 0.00708
Exploits 1 | References 1
CVE
added 2026/03/18 10:06 p.m. | 19 views

CVE-2025-15031

MLflow is affected by a path-traversal in its pyfunc extraction: tarfile.extractall is used without validating archive paths, allowing crafted tar.gz files to escape the extraction directory via .. or absolute paths. Documents consistently describe potential arbitrary file writes and the risk of ...

CVSS 9.1 | AI score 7.7 | EPSS 0.00708
Exploits 1 | References 1 | Affected Software 1
CNNVD
added 2026/03/18 12:00 a.m. | 6 views

MLflow Path Traversal Vulnerability

MLFlow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible runs, and sharing and deploying models. MLFlow has a path traversal vulnerability, which stems from improper handling of tar archive entri...

CVSS 9.1 | AI score 7.6 | EPSS 0.00708
Exploits 1 | References 2
Positive Technologies
added 2026/03/18 12:00 a.m. | 3 views

PT-2026-26162

Name of the Vulnerable Software and Affected Versions MLflow affected versions not specified Description A flaw exists in the pyfunc extraction process within MLflow that can allow for arbitrary file writes. This occurs because of inadequate handling of entries within tar archives, specifically...

CVSS 9.1 | AI score 7.7 | EPSS 0.00708
Exploits 1 | References 11
RedhatCVE
added 2026/03/16 7:24 p.m. | 3 views

CVE-2025-14287

A flaw was found in MLflow, a platform for managing the machine learning lifecycle. This vulnerability, known as command injection, allows an attacker to execute unauthorized commands on the system. By providing specially crafted input through the --container parameter, an attacker can bypass...

CVSS 7.8 | AI score 7.4 | EPSS 0.01236
Exploits 1 | References 4
EUVD
added 2026/03/16 3:30 p.m. | 3 views

EUVD-2025-208671

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/__init__.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...

CVSS 7.5 | AI score 6.1 | EPSS 0.01236
Exploits 1 | References 2
Github Security Blog
added 2026/03/16 3:30 p.m. | 13 views

MLflow has a command injection in mlflow/sagemaker/__init__.py

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/__init__.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...

CVSS 8.8 | AI score 6.1 | EPSS 0.01236
Exploits 1 | References 6 | Affected Software 1
vulnersOsv
added 2026/03/16 3:30 p.m. | 4 views

a2 (>=0.1.0 <=0.3.17), abadpour (>=6.13.1 <=7.24.1) +946 more potentially affected by CVE-2025-14287 via mlflow (>=0.8.2 <=3.6.0rc0)

mlflow PYPI version =0.8.2, =0.1.0, =6.13.1, =9.273.1, =1.1.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.0.5, =1.0.0, =0.1.0, =1.1.1 - ai-helpers-pytorch-utils =0.1.0a1 - ailine-core =0.5.5 and more Source cves: CVE-2025-14287 Source advisory: OSV:GHSA-XCH3-2F9X-WH9F...

CVSS 8.8 | AI score 7.2 | EPSS 0.01236
Exploits 1
OSV
added 2026/03/16 3:30 p.m. | 2 views

GHSA-XCH3-2F9X-WH9F MLflow has a command injection in mlflow/sagemaker/__init__.py

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/__init__.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...

CVSS 7.5 | AI score 6.1 | EPSS 0.01236
Exploits 1 | References 6
NVD
added 2026/03/16 2:17 p.m. | 7 views

CVE-2025-14287

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/__init__.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...

CVSS 8.8 | EPSS 0.01236
Exploits 1 | References 1
ATTACKERKB
added 2026/03/15 9:27 a.m. | 3 views

CVE-2025-14287

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/__init__.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...

AI score 6.1 | EPSS 0.01236
Exploits 1 | References 2
Snyk
added 2026/03/15 9:27 a.m. | 2 views

Command Injection

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Command Injection via the --container parameter. An attacker can...

CVSS 8.8 | AI score 7.3 | EPSS 0.01236
Exploits 1 | References 2
Cvelist
added 2026/03/15 9:27 a.m. | 34 views

CVE-2025-14287 Command Injection in mlflow/mlflow

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/__init__.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...

CVSS 7.5 | EPSS 0.01236
Exploits 1 | References 1
vulnersOsv
added 2026/03/15 9:27 a.m. | 6 views

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +751 more potentially affected by CVE-2025-14287 via mlflow-skinny (>=3.0.0 <=3.8.0)

mlflow-skinny PYPI version =3.0.0, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: CVE-2025-14287 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16698158...

CVSS 8.8 | AI score 7.2 | EPSS 0.01236
Exploits 1
Vulnrichment
added 2026/03/15 9:27 a.m. | 1 view

CVE-2025-14287 Command Injection in mlflow/mlflow

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/__init__.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...

CVSS 7.5 | AI score 6.1 | EPSS 0.01236
Exploits 1 | References 1
CVE
added 2026/03/15 9:27 a.m. | 23 views

CVE-2025-14287

Summary: CVE-2025-14287 is a command injection in mlflow/mlflow prior to v3.7.0. The flaw resides in mlflow/sagemaker/__init__.py (lines 161–167), where user-supplied container image names are directly interpolated into shell commands and executed with os.system(), enabling arbitrary command executio...

CVSS 8.8 | AI score 7.4 | EPSS 0.01236
Exploits 1 | References 1 | Affected Software 1
vulnersOsv
added 2026/03/15 9:27 a.m. | 7 views

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +694 more potentially affected by CVE-2025-14287 via mlflow (>=3.0.0rc2 <=3.6.0rc0)

mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: CVE-2025-14287 Source advisory: SNYK:PYTHON-MLFLOW-15674468...

CVSS 8.8 | AI score 7.2 | EPSS 0.01236
Exploits 1
Positive Technologies
added 2026/03/15 12:00 a.m. | 3 views

PT-2026-25547

Name of the Vulnerable Software and Affected Versions mlflow versions prior to 3.7.0 Description A command injection issue exists due to the direct interpolation of user-supplied container image names into shell commands without proper sanitization. These commands are then executed using the...

CVSS 8.8 | AI score 7.5 | EPSS 0.01236
Exploits 1 | References 12
CNNVD
added 2026/03/15 12:00 a.m. | 5 views

MLflow Code Injection Vulnerability

MLflow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible executions, and sharing and deploying models. Prior to MLflow v3.7.0, there was a code injection vulnerability. This vulnerability stemmed from...

CVSS 8.8 | AI score 7.3 | EPSS 0.01236
Exploits 1 | References 2
Positive Technologies
added 2026/03/07 12:00 a.m. | 6 views

PT-2026-23821

We at Tachyon found an auth bypass in MLflow https://tachyon.so/blog/cve-2025-14297-mlflow-authorization-bypass: 1. Black-box scanners would need to discover the right users, roles, and state transitions, then generate specific request sequences that trigger a gap: a combinatorial problem that...

AI score 5.8
Exploits 0 | References 1