CVE-2025-15031: Arbitrary file write via tar traversal in mlflow
A vulnerability in MLflow’s pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of tarfile.extractall without path validation enables crafted tar.gz files containing .. or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution.
References
- github.com/advisories/GHSA-fhff-qmm8-h2fp
- github.com/mlflow/mlflow
- github.com/mlflow/mlflow/blob/fe4d9be330426904283401f1d2ed914238b6fc37/mlflow/pyfunc/dbconnect_artifact_cache.py
- github.com/mlflow/mlflow/commit/3bf6d81ac4d38654c8ff012dbd0c3e9f17e7e346
- huntr.com/bounties/09856f77-f968-446f-a930-657d126efe4e
- nvd.nist.gov/vuln/detail/CVE-2025-15031
Code Behaviors & Features
Detect and mitigate CVE-2025-15031 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →