- CVSS
- CRITICAL · 9.1 v3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Published
- 2026-03-18
- Weakness
- CWE-22
- Source
- nvd.nist.gov/vuln/detail/CVE-2025-15031
Description
A vulnerability in MLflow’s pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of tarfile.extractall without path validation enables crafted tar.gz files containing .. or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution.
References
How GTK Cyber trains on this
AI security training at GTK Cyber covers the LLM and ML-pipeline vulnerability classes that vulnerabilities like CVE-2025-15031 fall into. Our hands-on courses are taught by Charles Givre and other practitioners who break and defend production AI systems.