{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15031", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2025-12-22T14:49:46.957Z", "datePublished": "2026-03-18T22:06:47.300Z", "dateUpdated": "2026-03-19T13:52:40.477Z"}, "containers": {"cna": {"title": "Path Traversal Vulnerability in mlflow/mlflow", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2026-03-18T22:06:47.300Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution."}], "affected": [{"vendor": "mlflow", "product": "mlflow/mlflow", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/09856f77-f968-446f-a930-657d126efe4e"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22"}]}], "source": {"advisory": "09856f77-f968-446f-a930-657d126efe4e", "discovery": "EXTERNAL"}}, "adp": [{"references": [{"url": "https://huntr.com/bounties/09856f77-f968-446f-a930-657d126efe4e", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-19T13:52:23.186232Z", "id": "CVE-2025-15031", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T13:52:40.477Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15031", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-19T13:52:23.186232Z"}}}], "references": [{"url": "https://huntr.com/bounties/09856f77-f968-446f-a930-657d126efe4e", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T13:52:35.965Z"}}], "cna": {"title": "Path Traversal Vulnerability in mlflow/mlflow", "source": {"advisory": "09856f77-f968-446f-a930-657d126efe4e", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "mlflow", "product": "mlflow/mlflow", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/09856f77-f968-446f-a930-657d126efe4e"}], "descriptions": [{"lang": "en", "value": "A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2026-03-18T22:06:47.300Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15031", "state": "PUBLISHED", "dateUpdated": "2026-03-19T13:52:40.477Z", "dateReserved": "2025-12-22T14:49:46.957Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2026-03-18T22:06:47.300Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1C49CD5-5BB0-422B-9A71-5A6832DF6713", "versionEndIncluding": "3.10.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution."}, {"lang": "es", "value": "Una vulnerabilidad en el proceso de extracci\u00f3n pyfunc de MLflow permite escrituras arbitrarias de archivos debido a un manejo inadecuado de las entradas de archivos tar. Espec\u00edficamente, el uso de 'tarfile.extractall' sin validaci\u00f3n de ruta permite que archivos tar.gz manipulados que contienen '..' o rutas absolutas escapen del directorio de extracci\u00f3n previsto. Este problema afecta a la \u00faltima versi\u00f3n de MLflow y plantea un riesgo alto/cr\u00edtico en escenarios que involucran entornos multi-inquilino o la ingesta de artefactos no confiables, ya que puede conducir a sobrescrituras arbitrarias de archivos y potencial ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2025-15031", "lastModified": "2026-03-23T17:48:45.340", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-18T23:17:28.693", "references": [{"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory", "Mitigation"], "url": "https://huntr.com/bounties/09856f77-f968-446f-a930-657d126efe4e"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory", "Mitigation"], "url": "https://huntr.com/bounties/09856f77-f968-446f-a930-657d126efe4e"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@huntr.dev", "type": "Secondary"}]}

{"bugzilla": {"description": "mlflow/mlflow: Path Traversal Vulnerability in mlflow/mlflow", "id": "2448912", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448912"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-22", "details": ["No description is available for this CVE."], "name": "CVE-2025-15031", "package_state": [{"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mlflow-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}], "public_date": "2026-03-18T22:06:47Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-15031\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-15031\nhttps://huntr.com/bounties/09856f77-f968-446f-a930-657d126efe4e"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,latest]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "mlflow/mlflow", "source": "cna", "vendor": "mlflow"}, "product": "mlflow/mlflow", "vendor": "mlflow"}], "analysis": {"en": {"generated_at": "2026-03-23T19:53:12.922327+00:00", "value": {"mitigation_remediation": ["Apply the latest MLflow patch or upgrade to a version where the pyfunc extraction uses validated paths.", "If a patch is not yet available, restrict ingestion of tar.gz artifacts to trusted sources and validate archive contents before extraction.", "Consider disabling the pyfunc extraction feature or preventing untrusted archive uploads until the vulnerability is fixed."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary file overwrite that can lead to remote code execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the MLflow platform supplied by the vendor mlflow, specifically the product mlflow/mlflow. It is present in the current latest release of MLflow; no older versions are specified, so users should confirm the version they run against vendor guidance.", "description_and_impact": "The flaw is in MLflow\u2019s pyfunc extraction routine when handling tar.gz files. A malicious archive can contain path traversal sequences or absolute paths. Because tarfile.extractall is called without validating entry paths, files are written outside the intended extraction directory. An attacker could overwrite critical configuration files or inject executable code, which may result in remote code execution on the MLflow server.", "risk_and_exploitability": "The CVSS score of 9.1 indicates a critical severity. The EPSS score is below 1%, suggesting a low but non\u2011negligible likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires providing a crafted tar.gz file to the MLflow pyfunc extraction endpoint, which is common in multi\u2011tenant or untrusted artifact ingestion scenarios. Successful exploitation would allow arbitrary file overwrite and could lead to remote code execution."}}}}, "created": "2026-03-19T08:55:10.938801+00:00", "updated": "2026-03-25T11:51:54.206850+00:00", "vendors": ["mlflow", "mlflow$PRODUCT$mlflow/mlflow"]}