CVE-2025-15379
CriticalCVSS 9.8Exploitation Probability (EPSS)
High risk78th percentile — higher than 78% of all known CVEs
Summary
A command injection vulnerability exists in MLflow's model serving container initialization code. The `_install_model_dependencies_to_env()` function directly interpolates dependencies from `python_env.yaml` into a shell command without sanitization, allowing arbitrary command execution.
Risk Assessment
An attacker can supply a malicious model artifact that, when deployed, enables remote arbitrary command execution, leading to full system compromise and potential data exfiltration.
Recommendation
Upgrade MLflow to version 3.8.2 or later immediately. Before upgrading, verify the provenance of all deployed models.
Original NVD description (English source)
A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency specifications from the model artifact's `python_env.yaml` file and directly interpolates them into a shell command without sanitization. This allows an attacker to supply a malicious model artifact and achieve arbitrary command execution on systems that deploy the model. The vulnerability affects versions 3.8.0 and is fixed in version 3.8.2.

