- Description
- A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. The vulnerability, present in versions before v3.7.0, arises because tar member paths are not validated during extraction, so a member name containing `..` (or an absolute path) is written wherever it points rather than under the intended destination. An attacker who controls the tar.gz file can use this to overwrite arbitrary files writable by the extracting process, potentially gaining elevated privileges and escaping the sandbox directory in multi-tenant or shared cluster environments.
- Source
- security@huntr.dev
- NVD status
- Awaiting Analysis
CVSS 3.0
- Type
- Secondary
- Base score
- 9.6
- Impact score
- 6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- CVSS source
- security@huntr.dev
- Weakness
- CWE-29
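The extraction bug class described above (a tar member name such as `../escaped.txt` joined onto the destination directory without validation), shown as an added example that is not MLflow's own code. The `build_tgz`, `extract_unsafe`, `extract_safe` and `demo` functions are hypothetical names chosen for this illustration; `extract_unsafe` reproduces the missing-validation pattern the advisory describes rather than the actual `extract_archive_to_dir` implementation, and `extract_safe` shows the checks a hardened extractor needs (reject absolute names, resolve each target and confirm it stays under the destination, refuse link and special members, validate everything before writing anything). The archives are constructed in memory, so the example runs offline; the traversal member lands in a temporary directory, not anywhere on the real filesystem.

```python
import io
import os
import tarfile
import tempfile


def build_tgz(members):
    """Build a tar.gz in memory from {member_name: payload_bytes}.

    Constructed test data, not an archive from any real MLflow deployment.
    tarfile records names like '../evil.txt' or '/etc/passwd' without
    complaint: refusing them is the extractor's job, not the writer's.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, payload in members.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def extract_unsafe(archive_bytes, dest):
    """Vulnerable pattern (hypothetical, mirrors the advisory's bug class):
    trust member.name and join it onto dest, so '../x' escapes dest."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            target = os.path.join(dest, member.name)  # no validation at all
            if member.isdir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(tar.extractfile(member).read())


def _safe_target(dest_real, name):
    """Return the resolved extraction path for `name`, or raise ValueError."""
    if os.path.isabs(name) or name.startswith(("/", "\\")):
        raise ValueError(f"absolute member path rejected: {name!r}")
    target = os.path.realpath(os.path.join(dest_real, name))
    # The resolved target must sit *under* dest; 'dest/..' or a sibling
    # directory sharing a prefix with dest both fail this check.
    if os.path.commonpath([dest_real, target]) != dest_real:
        raise ValueError(f"member escapes destination: {name!r}")
    return target


def extract_safe(archive_bytes, dest):
    """Hardened extractor: validate every member before writing anything."""
    dest_real = os.path.realpath(dest)
    os.makedirs(dest_real, exist_ok=True)
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        plan = []
        for member in tar.getmembers():
            if member.issym() or member.islnk():
                # A link can point outside dest, or be written through by a
                # later member; the conservative choice is to refuse links.
                raise ValueError(f"link member rejected: {member.name!r}")
            if not (member.isfile() or member.isdir()):
                raise ValueError(f"special file rejected: {member.name!r}")
            plan.append((member, _safe_target(dest_real, member.name)))
        # Only after the whole archive has passed validation do we touch disk,
        # so a malicious archive leaves dest empty instead of half-extracted.
        for member, target in plan:
            if member.isdir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(tar.extractfile(member).read())


def demo():
    """Run both extractors inside a temporary directory and report what happened."""
    evil = build_tgz({"model/MLmodel": b"ok\n", "../escaped.txt": b"pwned\n"})
    benign = build_tgz({"model/MLmodel": b"ok\n", "model/data/weights.bin": b"\x00\x01"})
    results = {}
    with tempfile.TemporaryDirectory() as root:
        sandbox = os.path.join(root, "sandbox")
        os.makedirs(sandbox)
        extract_unsafe(evil, sandbox)
        # The traversal member was written beside the sandbox, not inside it.
        results["unsafe_escaped"] = os.path.exists(os.path.join(root, "escaped.txt"))

        sandbox2 = os.path.join(root, "sandbox2")
        try:
            extract_safe(evil, sandbox2)
            results["safe_rejected"] = False
        except ValueError:
            results["safe_rejected"] = True
        results["safe_left_empty"] = os.listdir(sandbox2) == []

        sandbox3 = os.path.join(root, "sandbox3")
        extract_safe(benign, sandbox3)
        with open(os.path.join(sandbox3, "model", "data", "weights.bin"), "rb") as fh:
            results["benign_ok"] = fh.read() == b"\x00\x01"
    return results


if __name__ == "__main__":
    print(demo())
```

The validate-then-write ordering matters as much as the path check itself: an extractor that checks each member just before writing it can still leave a partially extracted archive behind when a later member fails, which is awkward for an artifact cache that other code treats as either present or absent. On Python 3.12 and later, `tarfile.extractall(filter="data")` performs equivalent path and link checks, but the explicit version above shows exactly which conditions are being enforced.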
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 2
⚡ New CVE Alert: CVE-2025-15036 📊 Severity: 9.6 🚨 Risk Level: Critical 🧩 Affects: Multiple / Unspecified Products Reference: https://t.co/o90kGger0p #CVE-2025-15036 #CVE #Critical #CyberSecurity #InfoSec https://t.co/i7olyMNzuP
@CVEarity
30 Mar 2026
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-15036 A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow reposi… https://t.co/V9RZEb0SDJ
@CVEnew
30 Mar 2026
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CYBERDUDEBIVASH SENTINEL APEX ALERT 🚨 Threat: CVE-2025-15036 - Path Traversal Vulnerability in mlflow/mlflow Intel Report: https://t.co/dVi8iXe7yY
@cyberbivash
30 Mar 2026
123 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-15036: CRITICAL] Critical path traversal vulnerability identified in mlflow repository's `extract_archive_to_dir` function allowing attackers to overwrite files or attain higher privileges pre v3.7.0. #cve, CVE-2025-15036, #cybersecurity https://t.co/mgMvf6dgDr
@CveFindCom
30 Mar 2026
92 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2025-15036 - Critical A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerabil... https://t.co/7cLOrG0Ed0 https://t.co/0ZsC4YNqu0
@TheHackerWire
30 Mar 2026
140 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-15036: Path Traversal Vulnerability in ... MLFlow's tar extraction bypasses path validation—classic zip slip in ML pipelines means one malicious model archive own... https://t.co/qKVNIc67VG #netsec #vulnerability #CVE #sysadmin #zeroday
@0dayPublishing
30 Mar 2026
159 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes