FKIE_CVE-2025-15036

Vulnerability from fkie_nvd - Published: 2026-03-30 02:16 - Updated: 2026-03-30 13:26
Severity ?
9.6 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An attacker with control over the tar.gz file can exploit this issue to overwrite arbitrary files or gain elevated privileges, potentially escaping the sandbox directory in multi-tenant or shared cluster environments.
References
security@huntr.devhttps://github.com/mlflow/mlflow/commit/3bf6d81ac4d38654c8ff012dbd0c3e9f17e7e346
security@huntr.devhttps://huntr.com/bounties/36c314cf-fd6e-4fb0-b9b0-1b47bcdf0eb0
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An attacker with control over the tar.gz file can exploit this issue to overwrite arbitrary files or gain elevated privileges, potentially escaping the sandbox directory in multi-tenant or shared cluster environments."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de salto de ruta en la funci\u00f3n \u0027extract_archive_to_dir\u0027 dentro del archivo \u0027mlflow/pyfunc/dbconnect_artifact_cache.py\u0027 del repositorio mlflow/mlflow. Esta vulnerabilidad, presente en versiones anteriores a la v3.7.0, surge debido a la falta de validaci\u00f3n de las rutas de los miembros del tar durante la extracci\u00f3n. Un atacante con control sobre el archivo tar.gz puede explotar este problema para sobrescribir archivos arbitrarios o obtener privilegios elevados, escapando potencialmente del directorio sandbox en entornos multi-inquilino o de cl\u00faster compartido."
    }
  ],
  "id": "CVE-2025-15036",
  "lastModified": "2026-03-30T13:26:07.647",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "security@huntr.dev",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-30T02:16:14.413",
  "references": [
    {
      "source": "security@huntr.dev",
      "url": "https://github.com/mlflow/mlflow/commit/3bf6d81ac4d38654c8ff012dbd0c3e9f17e7e346"
    },
    {
      "source": "security@huntr.dev",
      "url": "https://huntr.com/bounties/36c314cf-fd6e-4fb0-b9b0-1b47bcdf0eb0"
    }
  ],
  "sourceIdentifier": "security@huntr.dev",
  "vulnStatus": "Undergoing Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-29"
        }
      ],
      "source": "security@huntr.dev",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.