CVE-2025-15031:
A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution.
Score
A numerical rating that indicates how dangerous this vulnerability is.
8.1High- Published Date:Mar 18, 2026
- CISA KEV Date:*No Data*
- Industries Affected:20
Exploitability
- Score:2.8
- Attack Vector:ADJACENT_NETWORK
- Attack Complexity:LOW
- Privileges Required:NONE
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:5.2
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:NONE
Description Preview
A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution.
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
