Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2026/03/19 10:15 a.m.4 views

CVE-2025-15031

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of tarfile.extractall without path validation enables crafted tar.gz files containing .. or absolute paths to escape the intended extractio...

9.1CVSS7.6AI score0.00852EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2026/03/19 12:30 a.m.5 views

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +766 more potentially affected by CVE-2025-15031 via mlflow-skinny (>=3.0.0 <=3.9.0)

mlflow-skinny PYPI version =3.0.0, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =1.1.0, =0.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-15031 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16698159...

9.1CVSS7.2AI score0.00852EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/19 12:30 a.m.9 views

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +702 more potentially affected by CVE-2025-15031 via mlflow (>=3.0.0rc2 <=3.9.0)

mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =1.1.0, =0.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-15031 Source advisory: SNYK:PYTHON-MLFLOW-15700505...

9.1CVSS7.2AI score0.00852EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/19 12:30 a.m.4 views

a2 (>=0.1.0 <=0.3.17), abadpour (>=6.13.1 <=7.24.1) +952 more potentially affected by CVE-2025-15031 via mlflow (>=0.8.2 <=3.9.0)

mlflow PYPI version =0.8.2, =0.1.0, =6.13.1, =9.273.1, =1.1.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.0.5, =1.0.0, =0.1.0, =1.1.1 - ai-helpers-pytorch-utils =0.1.0a1 - ailine-core =0.5.5 and more Source cves: CVE-2025-15031 Source advisory: OSV:GHSA-FHFF-QMM8-H2FP...

9.1CVSS7.2AI score0.00852EPSS
Exploits1
OSV
OSV
added 2026/03/18 10:6 p.m.2 views

CVE-2025-15031 Path Traversal Vulnerability in mlflow/mlflow

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of tarfile.extractall without path validation enables crafted tar.gz files containing .. or absolute paths to escape the intended extractio...

8.1CVSS7.6AI score0.00852EPSS
Exploits1References6
Rows per page
Query Builder