4 matches found
EUVD-2026-30807
In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions 0o777, and the `_create_model_downloading_tmp_dir` function in `mlflow/pyfunc/__init__.py` creates directories with group-writable permissions...
a2 (>=0.1.0 <=0.3.17), abadpour (>=6.13.1 <=7.24.1) +904 more potentially affected by CVE-2025-10279 via mlflow (>=0.8.2 <=3.4.0)
mlflow PYPI version =0.8.2, =0.1.0, =6.13.1, =9.273.1, =1.1.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.0.5, =1.0.0, =0.1.0, =0.1.0, =0.2.1 and more
Source cves: CVE-2025-10279
Source advisory: OSV:GHSA-4X5P-F36R-MXXR...
CVE-2025-10279 Privilege Escalation in mlflow/mlflow
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...
abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +651 more potentially affected by CVE-2025-10279 via mlflow (>=3.0.0rc2 <=3.4.0)
mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.20.9, =0.21.10 and more
Source cves: CVE-2025-10279
Source advisory: SNYK:PYTHON-MLFLOW-15170849...