CVE-2025-15036: CWE-29 Path Traversal: '\..\filename' in mlflow mlflow/mlflow
CVE-2025-15036 is a critical path traversal vulnerability in the mlflow/mlflow project affecting versions prior to v3. 7. 0. It exists in the extract_archive_to_dir function due to improper validation of tar archive member paths during extraction. An attacker controlling a crafted tar. gz file can exploit this to overwrite arbitrary files outside the intended directory, potentially escaping sandbox restrictions in shared or multi-tenant environments. This can lead to full system compromise, including elevated privileges and data integrity loss.
AI Analysis
Technical Summary
This vulnerability (CWE-29) arises from the lack of validation of file paths when extracting tar.gz archives in the mlflow/mlflow repository's extract_archive_to_dir function. Specifically, malicious tar members with path traversal sequences such as '\..\filename' can cause files to be written outside the designated extraction directory. This flaw affects all versions before v3.7.0. Exploitation requires an attacker to supply a crafted tar.gz file, enabling overwriting of arbitrary files and potential sandbox escape in multi-tenant or shared cluster setups.
Potential Impact
Successful exploitation allows an unauthenticated attacker who can supply a malicious tar.gz archive to overwrite arbitrary files on the host system. This can lead to privilege escalation, data corruption, or system compromise, especially in environments relying on sandboxing or multi-tenant isolation. The CVSS score of 9.6 reflects the critical nature with high confidentiality, integrity, and availability impacts.
Mitigation Recommendations
A fix is available in mlflow version 3.7.0 and later, which includes validation to prevent path traversal during archive extraction. Users should upgrade to version 3.7.0 or newer to remediate this vulnerability. Since no patch links are provided here, verify the vendor advisory or official mlflow release notes for the exact remediation details. Until upgraded, avoid processing untrusted tar.gz files with vulnerable versions.
CVE-2025-15036: CWE-29 Path Traversal: '\..\filename' in mlflow mlflow/mlflow
Description
CVE-2025-15036 is a critical path traversal vulnerability in the mlflow/mlflow project affecting versions prior to v3. 7. 0. It exists in the extract_archive_to_dir function due to improper validation of tar archive member paths during extraction. An attacker controlling a crafted tar. gz file can exploit this to overwrite arbitrary files outside the intended directory, potentially escaping sandbox restrictions in shared or multi-tenant environments. This can lead to full system compromise, including elevated privileges and data integrity loss.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CWE-29) arises from the lack of validation of file paths when extracting tar.gz archives in the mlflow/mlflow repository's extract_archive_to_dir function. Specifically, malicious tar members with path traversal sequences such as '\..\filename' can cause files to be written outside the designated extraction directory. This flaw affects all versions before v3.7.0. Exploitation requires an attacker to supply a crafted tar.gz file, enabling overwriting of arbitrary files and potential sandbox escape in multi-tenant or shared cluster setups.
Potential Impact
Successful exploitation allows an unauthenticated attacker who can supply a malicious tar.gz archive to overwrite arbitrary files on the host system. This can lead to privilege escalation, data corruption, or system compromise, especially in environments relying on sandboxing or multi-tenant isolation. The CVSS score of 9.6 reflects the critical nature with high confidentiality, integrity, and availability impacts.
Mitigation Recommendations
A fix is available in mlflow version 3.7.0 and later, which includes validation to prevent path traversal during archive extraction. Users should upgrade to version 3.7.0 or newer to remediate this vulnerability. Since no patch links are provided here, verify the vendor advisory or official mlflow release notes for the exact remediation details. Until upgraded, avoid processing untrusted tar.gz files with vulnerable versions.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- @huntr_ai
- Date Reserved
- 2025-12-23T01:57:43.568Z
- Cvss Version
- 3.0
- State
- PUBLISHED
Threat ID: 69c9d408e6bfc5ba1d7f349e
Added to database: 3/30/2026, 1:38:16 AM
Last enriched: 4/6/2026, 10:49:21 AM
Last updated: 5/12/2026, 5:19:52 PM
Views: 136
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.