2448912 – (CVE-2025-15031) CVE-2025-15031 mlflow/mlflow: Path Traversal Vulnerability in mlflow/mlflow

Bug 2448912 (CVE-2025-15031) - CVE-2025-15031 mlflow/mlflow: Path Traversal Vulnerability in mlflow/mlflow

Summary: CVE-2025-15031 mlflow/mlflow: Path Traversal Vulnerability in mlflow/mlflow

Keywords:
Status:	NEW
Alias:	CVE-2025-15031
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-18 23:02 UTC by OSIDB Bzimport
Modified:	2026-03-19 10:13 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-18 23:02:17 UTC

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution.

Note You need to log in before you can comment on or make changes to this bug.