CVE-2025-15036

CRITICAL

Published:Mar 30, 2026(Today)

Modified:Mar 30, 2026

AI Explanation

A path traversal vulnerability in the mlflow/mlflow repository allows attackers to overwrite arbitrary files or gain elevated privileges by exploiting the lack of validation of tar member paths during extraction. This issue affects versions before v3.7.0 and can be triggered by an attacker with control over the tar.gz file. The vulnerability can lead to escaping the sandbox directory in multi-tenant or shared cluster environments.

Developers and users of the mlflow/mlflow repository with versions before v3.7.0 are at risk of arbitrary file overwrites and elevated privileges, posing a critical security threat.

Network AccessLow ComplexityNo Auth NeededUser Interaction Required

How to Fix

1Update the mlflow/mlflow repository to version v3.7.0 or later. 2. Validate tar member paths during extraction to prevent path traversal attacks. 3. Implement additional security measures, such as access controls and input validation, to prevent exploitation.

References

https://github.com/mlflow/mlflow/commit/3bf6d81ac4d38654c8ff012dbd0c3e...
https://huntr.com/bounties/36c314cf-fd6e-4fb0-b9b0-1b47bcdf0eb0

CVSS Score

v3.1

9.6/ 10.0

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

At a Glance

Affected Products

References

CVSS v3 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVE-2025-15036

✦ AI Explanation

How to Fix

References

CVSS Score

At a Glance

CVSS v3 Vector

Impact Analysis

AI Explanation