PT-2026-28273 · Databricks · Mlflow

Published 2026-03-30 · Updated 2026-04-29 · CVE-2025-15036
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerable software and affected versions: mlflow versions prior to 3.7.0
Description: A path traversal issue exists in the extract_archive_to_dir function in the file mlflow/pyfunc/dbconnect_artifact_cache.py of the mlflow/mlflow repository. The issue is caused by insufficient validation of tar member paths during extraction. An attacker who controls the tar.gz file could exploit this to overwrite files or gain elevated privileges, potentially escaping the sandbox directory in multi-tenant or shared-cluster environments. The vulnerable function is extract_archive_to_dir.
Recommendations: Update to version 3.7.0 or later. As a temporary workaround, do not pass untrusted or unverified tar.gz files to the extract_archive_to_dir function.
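The control the advisory describes as missing, shown as an added example that is not mlflow's own code: every tar member's resolved destination (and, for links, the link target) is checked against the destination directory before it is extracted, so a member named with ".." or an absolute path cannot escape the sandbox. The function names, the `UnsafeArchiveMember` exception and the in-memory sample archives are constructed for this illustration.

```python
import io
import os
import tarfile
import tempfile
class UnsafeArchiveMember(Exception):
    """A tar member would be written (or linked) outside the destination."""

def _is_within(base, target):
    # realpath both sides so symlinked temp dirs and '..' segments compare correctly
    base, target = os.path.realpath(base), os.path.realpath(target)
    return os.path.commonpath([base, target]) == base

def safe_extract_tar_gz(archive_bytes, dest_dir):
    """Extract a .tar.gz into dest_dir, refusing any member (or link target)
    whose resolved path leaves dest_dir. Returns the extracted member names."""
    extracted = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            target = os.path.join(dest_dir, member.name)  # an absolute name discards dest_dir here
            if not _is_within(dest_dir, target):
                raise UnsafeArchiveMember(f"member escapes destination: {member.name!r}")
            if member.issym() or member.islnk():
                link = os.path.join(os.path.dirname(target), member.linkname)
                if not _is_within(dest_dir, link):
                    raise UnsafeArchiveMember(f"link escapes destination: {member.name!r}")
            tar.extract(member, dest_dir)  # validated above; Python 3.12+ can also pass filter="data"
            extracted.append(member.name)
    return extracted

def build_archive(entries):
    """Constructed fixture: build an in-memory .tar.gz from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in entries.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

def demo():
    benign = build_archive({"model/artifact.txt": b"constructed artifact\n"})
    hostile = [build_archive({"../escaped.txt": b"x"}), build_archive({"/tmp/escaped.txt": b"x"})]
    blocked = 0
    with tempfile.TemporaryDirectory() as dest:
        extracted = safe_extract_tar_gz(benign, dest)
        for archive in hostile:
            try:
                safe_extract_tar_gz(archive, dest)
            except UnsafeArchiveMember:
                blocked += 1
    return extracted, blocked
```

The check rejects the member before anything is written, which is the property the fixed version must guarantee regardless of how the archive was produced.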

Exploit

Fix


Weakness Enumeration

Related identifiers

BIT-MLFLOW-2025-15036
CVE-2025-15036
GHSA-VHCX-3PQ2-4FVC

Affected products

Mlflow