CVE-2025-15036

Received
Published: 30 Mar 2026, 01:16
Last modified:30 Mar 2026, 01:16

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
9.6 CRITICAL
v3.0 (cve.org)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

30 Mar 2026, 01:16
Published
Vulnerability first disclosed

Description

A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An attacker with control over the tar.gz file can exploit this issue to overwrite arbitrary files or gain elevated privileges, potentially escaping the sandbox directory in multi-tenant or shared cluster environments.

CVSS Metrics

  • v3.0CRITICALScore: 9.6CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Techniques & Countermeasures

  • CWE-29Path Traversal: '\..\filename'

    The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.

Affected Systems

  • mlflowmlflow/mlflow

    ≥ unspecified, < 3.9.0

References (2)