CVE-2025-15379 in MLflow
摘要 (英语)
A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency specifications from the model artifact's `python_env.yaml` file and directly interpolates them into a shell command without sanitization. This allows an attacker to supply a malicious model artifact and achieve arbitrary command execution on systems that deploy the model. The vulnerability affects versions 3.8.0 and is fixed in version 3.8.2.
负责
@huntr_ai
预定
2025-12-30
披露
2026-03-30
条目
| 标识符 | 漏洞 | CWE | 基础 | 临时 | 0day | 今天 | 可利用 | KEV | EPSS | CTI | 对策 | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 354151 | MLflow Model _install_model_dependencies_to_env 权限提升 | 77 | 8.1 | 8.0 | $0-$5k | $0-$5k | 未定义 | 0.00000 | 5.23 | 官方修复 | CVE-2025-15379 |