Vulnerability DatabaseCVE-2025-15031
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-15031
March 18, 2026
A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of "tarfile.extractall" without path validation enables crafted tar.gz files containing ".." or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution.
Affected Packages
mlflow (PYTHON):
Affected version(s) >=0.0.1 <3.9.0rc0
Fix Suggestion:
Update to version 3.9.0rc0
Related ResourcesĀ (5)
https://nvd.nist.gov/vuln/detail/CVE-2025-15031
https://huntr.com/bounties/09856f77-f968-446f-a930-657d126efe4e
https://github.com/mlflow/mlflow/commit/3bf6d81ac4d38654c8ff012dbd0c3e9f17e7e346
https://github.com/mlflow/mlflow
https://github.com/mlflow/mlflow/blob/fe4d9be330426904283401f1d2ed914238b6fc37/mlflow/pyfunc/dbconnect_artifact_cache.py#L140
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.6
Attack Vector
ADJACENT
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
8.1
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE
Weakness Type (CWE)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-22
EPSS
Base Score:
0.12