CVE-2025-15031 | THREATINT

Description

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution.

PUBLISHED Reserved 2025-12-22 | Published 2026-03-18 | Updated 2026-03-19 | Assigner @huntr_ai

HIGH: 8.1CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Any version

affected

References

huntr.com/bounties/09856f77-f968-446f-a930-657d126efe4e exploit

huntr.com/bounties/09856f77-f968-446f-a930-657d126efe4e

cve.org (CVE-2025-15031)

nvd.nist.gov (CVE-2025-15031)

Download JSON