10
CVE-2025-15379
- EPSS 1.99%
- Veröffentlicht 30.03.2026 07:16:57
- Zuletzt bearbeitet 30.06.2026 03:16:45
- Quelle security@huntr.dev
- CVE-Watchlists
- Unerledigt
Command Injection in mlflow/mlflow
A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency specifications from the model artifact's `python_env.yaml` file and directly interpolates them into a shell command without sanitization. This allows an attacker to supply a malicious model artifact and achieve arbitrary command execution on systems that deploy the model. The vulnerability affects versions 3.8.0 and is fixed in version 3.8.2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lfprojects ≫ Mlflow Version >= 3.8.0 <= 3.8.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.99% | 0.782 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 9 | 2.3 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
|
| security@huntr.dev | 10 | 3.9 | 6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
https://huntr.com/bounties/dc9c1c20-7879-4050-87df-4d095fe5ca75
https://github.com/mlflow/mlflow/commit/361b6f620adf98385c6721e384fb5ef9a30bb05e
https://access.redhat.com/security/cve/CVE-2025-15379
https://bugzilla.redhat.com/show_bug.cgi?id=2452949
https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15379.json