CVE-2025-15031
CriticalCVSS 9.1Exploitation Probability (EPSS)
Elevated risk54th percentile - higher than 54% of all known CVEs
Summary
A vulnerability in MLflow's pyfunc extraction process allows arbitrary file writes due to improper handling of tar archive entries. The use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory.
Risk Assessment
The risk for the organization includes arbitrary file overwrites and potential remote code execution, especially in multi-tenant environments or when ingesting untrusted artifacts.
Recommendation
It is recommended to immediately update MLflow to a patched version and implement path validation in the tar archive extraction process.
Original NVD description (English source)
A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution.

