PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-15036 mlflow CVE debrief

CVE-2025-15036 is a critical path traversal vulnerability in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An attacker with control over the tar.gz file can exploit this issue to overwrite arbitrary files or gain elevated privileges, potentially escaping the sandbox directory in multi-tenant or shared cluster environments. The vulnerability has a CVSS score of 10 and is classified as CRITICAL. The CVE was published on March 30, 2026, and last modified on June 30, 2026. The vulnerability affects lfprojects:mlflow with CPE criteria cpe:2.3:a:lfprojects:mlflow:*:-:*:*:*:*:*:* versionEndExcluding: 3.9.0.

Vendor
mlflow
Product
mlflow/mlflow
CVSS
CRITICAL 10
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-30
Original CVE updated
2026-06-30
Advisory published
2026-03-30
Advisory updated
2026-06-30

Who should care

Security teams and administrators responsible for mlflow/mlflow deployments should prioritize patching this vulnerability to prevent potential attacks. The vulnerability's critical severity and potential for sandbox escape in multi-tenant environments make it a high-priority issue. Additionally, developers using mlflow/mlflow in their applications should ensure they are using a patched version to protect against potential exploits.

Technical summary

The vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. The issue arises from the lack of validation of tar member paths during extraction, allowing an attacker to overwrite arbitrary files or gain elevated privileges. The vulnerability has a CVSS score of 10 and is classified as CRITICAL. The affected product is lfprojects:mlflow with CPE criteria cpe:2.3:a:lfprojects:mlflow:*:-:*:*:*:*:*:* versionEndExcluding: 3.9.0. The CVE was published on March 30, 2026, and last modified on June 30, 2026.

Defensive priority

This vulnerability has a high defensive priority due to its critical severity and potential for sandbox escape in multi-tenant environments. Security teams and administrators should prioritize patching this vulnerability to prevent potential attacks.

Recommended defensive actions

  • Apply the patch from https://github.com/mlflow/mlflow/commit/3bf6d81ac4d38654c8ff012dbd0c3e9f17e7e346
  • Review and update mlflow/mlflow deployments to ensure they are using a patched version
  • Monitor for potential exploits and implement compensating controls if patching is not immediately feasible
  • Perform a thorough inventory check to identify potentially affected systems
  • Implement additional security measures to prevent sandbox escape in multi-tenant environments

Evidence notes

The vulnerability was reported by [email protected] and has been documented in various sources, including the NVD and Red Hat security advisories. The CVE record and NVD detail pages provide additional information about the vulnerability.

Official resources

This article is AI-assisted and based on the supplied source corpus.