CVE-2025-10279: CWE-379 Creation of Temporary File in Directory with Insecure Permissions in mlflow mlflow/mlflow
CVE-2025-10279 is a high-severity vulnerability in mlflow version 2.20.3 where temporary directories for Python virtual environments are created with insecure world-writable permissions (0o777). This misconfiguration allows attackers with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual environment, leading to arbitrary code execution. Exploitation requires local access with low privileges but no user interaction. The vulnerability affects confidentiality, integrity, and availability of affected systems. It is resolved in mlflow version 3.4.0.
AI Analysis
Technical Summary
CVE-2025-10279 is a vulnerability classified under CWE-379, involving the creation of temporary files in directories with insecure permissions within mlflow version 2.20.3. Mlflow, a popular open-source platform for managing the machine learning lifecycle, creates Python virtual environments in temporary directories assigned world-writable permissions (mode 0o777). This insecure permission setting allows any user with write access to the /tmp directory to exploit a race condition during the creation of these virtual environments. Specifically, an attacker can overwrite .py files in the virtual environment before they are used, enabling arbitrary code execution under the context of the mlflow process. The vulnerability requires local access with low privileges but does not require user interaction, making it a significant risk in multi-user or shared environments. The CVSS v3.0 score of 7.0 reflects high severity due to the high impact on confidentiality, integrity, and availability, although the attack complexity is high and privileges are required. The issue is addressed in mlflow version 3.4.0 by correcting the permissions on temporary directories to prevent unauthorized write access. No public exploits have been reported yet, but the vulnerability presents a critical risk for organizations running vulnerable mlflow versions, especially in environments where multiple users share system resources or where attackers can gain limited local access.
Potential Impact
For European organizations, this vulnerability poses a significant risk to the security of machine learning workflows and data science environments that rely on mlflow. Successful exploitation can lead to arbitrary code execution, potentially allowing attackers to escalate privileges, access sensitive data, manipulate machine learning models, or disrupt operations. The impact extends to confidentiality, integrity, and availability of systems running vulnerable mlflow versions. Organizations using shared or multi-tenant systems, such as research institutions, universities, and cloud providers, are particularly vulnerable. The risk is heightened in environments where attackers can gain low-level local access, such as through compromised user accounts or insider threats. Given the growing adoption of mlflow in European tech sectors, this vulnerability could affect critical infrastructure and intellectual property if not mitigated promptly.
Mitigation Recommendations
1. Upgrade mlflow to version 3.4.0 or later, where the vulnerability is fixed.
2. Restrict permissions on temporary directories used by mlflow to prevent world-writable access; ensure directories are created with least privilege (e.g., 0o700).
3. Implement strict access controls on shared systems to limit write access to /tmp or equivalent temporary storage locations.
4. Monitor file system changes in temporary directories for suspicious activity indicative of race condition exploitation.
5. Use containerization or sandboxing to isolate mlflow environments, reducing the impact of potential code execution.
6. Conduct regular security audits and penetration tests focusing on local privilege escalation and file permission misconfigurations.
7. Educate users and administrators about the risks of insecure temporary file handling and the importance of patching vulnerable software promptly.
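The following Python sketch is an added example, not mlflow's code and not the fix shipped in 3.4.0. It contrasts the 0o777 directory pattern with an owner-only directory (recommendation 2) and audits a tree for directories writable by other users (recommendation 4). All function and directory names are hypothetical, and POSIX permissions are assumed.

```python
import os
import stat
import tempfile

def create_env_dir_world_writable(parent):
    """Constructed illustration of the CWE-379 pattern: fixed name, mode 0o777."""
    path = os.path.join(parent, "env-shared")
    os.makedirs(path, exist_ok=True)
    os.chmod(path, 0o777)  # explicit chmod, so the umask does not hide the problem
    return path

def create_env_dir_private(parent):
    """mkdtemp creates a uniquely named directory with mode 0o700 in a single step."""
    return tempfile.mkdtemp(prefix="env-", dir=parent)

def others_can_write(path):
    """True if path is a real directory (not a symlink) carrying the o+w bit."""
    st = os.lstat(path)
    return stat.S_ISDIR(st.st_mode) and bool(st.st_mode & stat.S_IWOTH)

def audit_tree(root):
    """Return the directories below root that any local user can write into."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root, followlinks=False):
        for name in dirnames:
            full = os.path.join(dirpath, name)
            if others_can_write(full):
                findings.append(full)
    return sorted(findings)

def demo():
    """Build both directories in a throwaway sandbox and audit it."""
    with tempfile.TemporaryDirectory() as sandbox:
        bad = create_env_dir_world_writable(sandbox)
        good = create_env_dir_private(sandbox)
        return {
            "bad_mode": stat.S_IMODE(os.lstat(bad).st_mode),
            "good_mode": stat.S_IMODE(os.lstat(good).st_mode),
            "flagged": [os.path.basename(p) for p in audit_tree(sandbox)],
        }

if __name__ == "__main__":
    print(demo())
```

Pointed at a shared temporary location, `audit_tree` will also report directories that are world-writable by design, so findings need triage by owner and purpose.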
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland
Technical Details
- Data Version: 5.2
- Assigner Short Name: @huntr_ai
- Date Reserved: 2025-09-11T15:38:58.426Z
- Cvss Version: 3.0
- State: PUBLISHED
Threat ID: 698083b8f9fa50a62f370592
Added to database: 2/2/2026, 11:00:08 AM
Last enriched: 2/2/2026, 11:14:34 AM
Last updated: 2/2/2026, 12:05:24 PM