Description
A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution.
References (4)
Core 4
Core References
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2025-15031
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2448912
Scores
CVSS v3
9.1
EPSS
0.0085
EPSS Percentile
54.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (3)
lfprojects/mlflow
< 3.10.1
mlflow/mlflow/mlflow
unspecified - latest
pypi/mlflow
0 - 3.9.0rc0PyPI
Published
Mar 18, 2026
Tracked Since
Mar 19, 2026