PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-15381 mlflow CVE debrief

CVE-2025-15381 is a high-severity vulnerability in the mlflow/mlflow project. When the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with `NO_PERMISSIONS` on the experiment, to read trace information and create assessments for traces they should not have access to. The vulnerability impacts confidentiality by exposing trace metadata and integrity by allowing unauthorized creation of assessments. Deployments using `mlflow server --app-name=basic-auth` are affected. Users should update to a patched version as soon as possible.

Vendor: mlflow
Product: mlflow/mlflow
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-27
Original CVE updated: 2026-06-30
Advisory published: 2026-03-27
Advisory updated: 2026-06-30

Who should care

Operators of mlflow/mlflow tracking servers started with `--app-name=basic-auth` should care about this vulnerability. It matters most in multi-user deployments that rely on per-experiment permissions to keep teams or tenants apart, and to anyone using the tracing and assessment features on such a server. Deployments that do not enable `basic-auth` (and therefore have no permission model at all) are not made worse by this issue, but they also offer no isolation to begin with. Security teams should prioritize patching or mitigation to prevent unauthorized reads of trace data and unauthorized writes of assessments.

Technical summary

The `basic-auth` app in mlflow/mlflow authenticates every request and then applies a per-route permission validator that checks the caller's level (`NO_PERMISSIONS`, `READ`, `EDIT` or `MANAGE`) on the experiment a request touches. The tracing and assessment endpoints were not covered by these validators, so passing authentication was sufficient to reach them: a user holding `NO_PERMISSIONS` on an experiment could still read trace information for that experiment and create assessments on its traces. This is a missing-authorization (fail-open) defect rather than an authentication bypass; exploitation requires a valid account plus knowledge of the target experiment or trace identifiers. The impact is disclosure of trace data (confidentiality) and unauthorized creation of assessments (integrity), with no availability component reported.
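To make the fail-open pattern concrete, the following is an added example written for this debrief; it is not MLflow's code and does not reproduce its real route table. It models a basic-auth-style authorizer that looks up a per-route permission validator and shows why a missing table entry means "allow" (the vulnerable behaviour) and how a default-deny authorizer closes that class of bug. The route templates, the `PermissionStore`, and the choice of `READ` for fetching trace info and `EDIT` for creating assessments are assumptions made for the illustration.

```python
"""Fail-open route authorisation, the pattern behind CVE-2025-15381.

Added example, not MLflow's own code. A basic-auth-style app authenticates
every request, then runs a per-route permission validator looked up from a
table keyed by (route, method). Routes absent from that table are only
authenticated, never authorised. Route templates, permission store and
required levels below are simplified assumptions for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple

# Permission names from the basic-auth model, in ascending order of privilege.
LEVELS = {"NO_PERMISSIONS": 0, "READ": 1, "EDIT": 2, "MANAGE": 3}


@dataclass
class Request:
    user: str           # already authenticated by HTTP basic auth
    method: str
    route: str          # matched route template (assumed shape, not MLflow's exact path)
    experiment_id: str  # experiment the target trace belongs to, resolved by the caller


@dataclass
class PermissionStore:
    # (user, experiment_id) -> permission name; absent entries mean NO_PERMISSIONS
    grants: Dict[Tuple[str, str], str] = field(default_factory=dict)

    def level(self, user: str, experiment_id: str) -> int:
        return LEVELS[self.grants.get((user, experiment_id), "NO_PERMISSIONS")]


Validator = Callable[[Request, PermissionStore], bool]


def require(min_perm: str) -> Validator:
    """Build a validator that passes when the user holds at least `min_perm`."""
    need = LEVELS[min_perm]
    return lambda req, store: store.level(req.user, req.experiment_id) >= need


# Illustrative route templates (assumed for the example).
TRACE_INFO = ("/api/2.0/mlflow/traces/{trace_id}/info", "GET")
CREATE_ASSESSMENT = ("/api/2.0/mlflow/traces/{trace_id}/assessments", "POST")
GET_EXPERIMENT = ("/api/2.0/mlflow/experiments/get", "GET")

# Vulnerable table: trace and assessment routes were never registered.
VALIDATORS_BEFORE: Dict[Tuple[str, str], Validator] = {
    GET_EXPERIMENT: require("READ"),
}

# Fixed table: the trace routes carry explicit validators.
VALIDATORS_AFTER: Dict[Tuple[str, str], Validator] = {
    **VALIDATORS_BEFORE,
    TRACE_INFO: require("READ"),
    CREATE_ASSESSMENT: require("EDIT"),
}


def authorize_fail_open(req: Request, store: PermissionStore,
                        validators=VALIDATORS_BEFORE) -> bool:
    """Vulnerable: a route with no validator is allowed for any authenticated user."""
    validator = validators.get((req.route, req.method))
    return True if validator is None else validator(req, store)


def authorize_default_deny(req: Request, store: PermissionStore,
                           validators=VALIDATORS_AFTER,
                           unauthenticated_ok=frozenset()) -> bool:
    """Hardened: unregistered routes are rejected, so a new endpoint cannot ship unprotected."""
    key = (req.route, req.method)
    if key in unauthenticated_ok:  # e.g. a health check, listed explicitly
        return True
    validator = validators.get(key)
    return False if validator is None else validator(req, store)


def demo() -> Dict[str, bool]:
    """bob holds NO_PERMISSIONS on experiment 1; alice owns it (constructed data)."""
    store = PermissionStore({("alice", "1"): "MANAGE"})
    bob_reads = Request("bob", "GET", TRACE_INFO[0], "1")
    bob_assesses = Request("bob", "POST", CREATE_ASSESSMENT[0], "1")
    alice_assesses = Request("alice", "POST", CREATE_ASSESSMENT[0], "1")
    return {
        "bob_read_before": authorize_fail_open(bob_reads, store),         # the bug
        "bob_assess_before": authorize_fail_open(bob_assesses, store),    # the bug
        # default-deny would have blocked bob even with the old, incomplete table
        "bob_read_deny_old_table": authorize_default_deny(bob_reads, store, VALIDATORS_BEFORE),
        "bob_read_after": authorize_default_deny(bob_reads, store),
        "bob_assess_after": authorize_default_deny(bob_assesses, store),
        "alice_assess_after": authorize_default_deny(alice_assesses, store),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:24s} {'ALLOW' if allowed else 'DENY'}")
```

The point of `bob_read_deny_old_table` is that the registration gap and the fail-open default are two separate defects: adding validators for the forgotten routes fixes this CVE, while defaulting unregistered routes to deny prevents the next one.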

Defensive priority

Patching or mitigating this vulnerability should be treated as high priority. Because exploitation needs only valid credentials and lets a low-privilege user read trace data and write assessments on experiments they were explicitly denied, the risk is greatest on shared or internet-reachable tracking servers where `basic-auth` permissions are the only boundary between users. Single-user or fully trusted deployments can schedule the update with less urgency.

Recommended defensive actions

  • Update to a patched release of mlflow/mlflow; the summary above notes that a fix is available.
  • Disable the `basic-auth` app if it is not required, bearing in mind that doing so removes the permission model entirely rather than hardening it.
  • Until patched, restrict the trace and assessment routes at a reverse proxy or network layer to the users or hosts that legitimately need them.
  • Review access logs for successful trace and assessment requests made by users who hold `NO_PERMISSIONS` on the corresponding experiments, and treat any such requests before the patch date as potential unauthorized access.
  • Review and update user permissions so that each account holds the least privilege it needs on each experiment.
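The log review in the list above can be done retroactively once the server is patched. The following is an added example for this debrief, not MLflow tooling: it assumes the tracking server sits behind a reverse proxy writing nginx combined-format access logs with the basic-auth username in the remote_user field, an export of the basic-auth grant table, and a trace-id to experiment-id map taken from the tracking store. The log lines, grants and trace map are constructed, the trace URL shape is assumed, and so is the rule that reading a trace needs `READ` while writing an assessment needs `EDIT`.

```python
"""Retroactive hunt for trace/assessment access that permissions should have denied.

Added example, not MLflow tooling. Inputs: nginx combined-format access log
(remote_user = basic-auth username), an export of the basic-auth grant table,
and a trace-id -> experiment-id map. All three are constructed below. The URL
shape and the required levels (READ to read a trace, EDIT to write an
assessment) are assumptions of this example.
"""
import re
from typing import Dict, List, NamedTuple, Tuple

LEVELS = {"NO_PERMISSIONS": 0, "READ": 1, "EDIT": 2, "MANAGE": 3}

# nginx combined format: ip - user [time] "METHOD path HTTP/x" status bytes ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Trace routes of interest (assumed shape); `rest` selects the sub-resource.
TRACE_PATH = re.compile(r'^/api/2\.0/mlflow/traces/(?P<trace_id>[^/?]+)(?P<rest>/[^?]*)?')

# Constructed sample log: bob has no grant on experiment 1, carol only READ on 2.
ACCESS_LOG = """\
10.0.0.5 - alice [02/Apr/2026:10:01:12 +0000] "GET /api/2.0/mlflow/traces/tr-111/info HTTP/1.1" 200 512 "-" "python-requests/2.31"
10.0.0.9 - bob [02/Apr/2026:10:02:40 +0000] "GET /api/2.0/mlflow/traces/tr-111/info HTTP/1.1" 200 512 "-" "python-requests/2.31"
10.0.0.9 - bob [02/Apr/2026:10:02:41 +0000] "POST /api/2.0/mlflow/traces/tr-111/assessments HTTP/1.1" 200 88 "-" "python-requests/2.31"
10.0.0.9 - bob [02/Apr/2026:10:03:00 +0000] "GET /api/2.0/mlflow/experiments/get?experiment_id=1 HTTP/1.1" 403 40 "-" "python-requests/2.31"
10.0.0.7 - carol [02/Apr/2026:10:05:00 +0000] "POST /api/2.0/mlflow/traces/tr-222/assessments HTTP/1.1" 200 88 "-" "python-requests/2.31"
10.0.0.7 - carol [02/Apr/2026:10:05:30 +0000] "GET /api/2.0/mlflow/traces/tr-222/info HTTP/1.1" 200 512 "-" "python-requests/2.31"
"""
TRACE_EXPERIMENT: Dict[str, str] = {"tr-111": "1", "tr-222": "2"}   # constructed
GRANTS: Dict[Tuple[str, str], str] = {("alice", "1"): "MANAGE", ("carol", "2"): "READ"}


class Finding(NamedTuple):
    ts: str
    user: str
    method: str
    path: str
    experiment_id: str
    held: str
    needed: str


def needed_permission(method: str, rest: str) -> str:
    """Writes to the assessments sub-resource need EDIT; anything else on a trace needs READ."""
    if rest.startswith("/assessments") and method in ("POST", "PATCH", "DELETE"):
        return "EDIT"
    return "READ"


def held_permission(user: str, experiment_id: str, grants: Dict[Tuple[str, str], str]) -> str:
    return grants.get((user, experiment_id), "NO_PERMISSIONS")


def find_violations(log_text: str, trace_experiment: Dict[str, str],
                    grants: Dict[Tuple[str, str], str]) -> List[Finding]:
    """Return successful (2xx) trace requests whose user lacked the required level."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # unparsable, or the server already rejected it
        t = TRACE_PATH.match(m["path"])
        if not t:
            continue  # not a trace endpoint
        exp = trace_experiment.get(t["trace_id"])
        if exp is None:
            continue  # unknown (perhaps deleted) trace id; review such lines separately
        needed = needed_permission(m["method"], t["rest"] or "")
        held = held_permission(m["user"], exp, grants)
        if LEVELS[held] < LEVELS[needed]:
            findings.append(Finding(m["ts"], m["user"], m["method"], m["path"], exp, held, needed))
    return findings


def count_by_user(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.user] = counts.get(f.user, 0) + 1
    return counts


if __name__ == "__main__":
    for f in find_violations(ACCESS_LOG, TRACE_EXPERIMENT, GRANTS):
        print(f"{f.ts} {f.user} {f.method} {f.path} exp={f.experiment_id} held={f.held} needed={f.needed}")
```

Only 2xx responses are counted because a 403 means the server itself refused the request; on a vulnerable server the trace routes return 200 for everyone, which is exactly why the hunt has to join the log against the grant table instead of looking for denials.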

Evidence notes

The vulnerability was reported by an email contact whose address is obfuscated in the source record, and it is documented in the NVD and CVE records. Multiple sources, including Red Hat, have provided additional information and references. The stored evidence does not state which release introduced the unprotected endpoints or which release fixes them, so the exact range of affected versions is not clear from the available information; operators should confirm it against the upstream advisory.

Official resources

This article was generated with AI assistance based on the supplied source corpus.