PatchSiren cyber security CVE debrief
CVE-2025-15036 mlflow CVE debrief
CVE-2025-15036 is a critical path traversal vulnerability in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An attacker with control over the tar.gz file can exploit this issue to overwrite arbitrary files or gain elevated privileges, potentially escaping the sandbox directory in multi-tenant or shared cluster environments. The vulnerability has a CVSS score of 10 and is classified as CRITICAL. The CVE was published on March 30, 2026, and last modified on June 30, 2026. The vulnerability affects lfprojects:mlflow with CPE criteria cpe:2.3:a:lfprojects:mlflow:*:-:*:*:*:*:*:* versionEndExcluding: 3.9.0.
- Vendor
- mlflow
- Product
- mlflow/mlflow
- CVSS
- CRITICAL 10
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-30
- Original CVE updated
- 2026-06-30
- Advisory published
- 2026-03-30
- Advisory updated
- 2026-06-30
Who should care
Security teams and administrators responsible for mlflow/mlflow deployments should prioritize patching this vulnerability to prevent potential attacks. The vulnerability's critical severity and potential for sandbox escape in multi-tenant environments make it a high-priority issue. Additionally, developers using mlflow/mlflow in their applications should ensure they are using a patched version to protect against potential exploits.
Technical summary
The vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. The issue arises from the lack of validation of tar member paths during extraction, allowing an attacker to overwrite arbitrary files or gain elevated privileges. The vulnerability has a CVSS score of 10 and is classified as CRITICAL. The affected product is lfprojects:mlflow with CPE criteria cpe:2.3:a:lfprojects:mlflow:*:-:*:*:*:*:*:* versionEndExcluding: 3.9.0. The CVE was published on March 30, 2026, and last modified on June 30, 2026.
Defensive priority
This vulnerability has a high defensive priority due to its critical severity and potential for sandbox escape in multi-tenant environments. Security teams and administrators should prioritize patching this vulnerability to prevent potential attacks.
Recommended defensive actions
- Apply the patch from https://github.com/mlflow/mlflow/commit/3bf6d81ac4d38654c8ff012dbd0c3e9f17e7e346
- Review and update mlflow/mlflow deployments to ensure they are using a patched version
- Monitor for potential exploits and implement compensating controls if patching is not immediately feasible
- Perform a thorough inventory check to identify potentially affected systems
- Implement additional security measures to prevent sandbox escape in multi-tenant environments
Evidence notes
The vulnerability was reported by [email protected] and has been documented in various sources, including the NVD and Red Hat security advisories. The CVE record and NVD detail pages provide additional information about the vulnerability.
Official resources
-
CVE-2025-15036 CVE record
CVE.org
-
CVE-2025-15036 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Exploit, Third Party Advisory
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.