PT-2026-28801 · Databricks · MLflow

Published 2026-03-30 · Updated 2026-04-29 · CVE-2025-15379

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: MLflow versions 3.8.0 through 3.8.1
Description: A command injection issue exists in MLflow's model serving container initialization code, specifically within the _install_model_dependencies_to_env() function. When deploying a model with env_manager=LOCAL, MLflow reads dependency specifications from the model artifact's python_env.yaml file and directly interpolates them into a shell command without proper sanitization. This allows an attacker to supply a malicious model artifact and potentially achieve arbitrary command execution on systems that deploy the model. The vulnerability is triggered when processing the python_env.yaml file.
Recommendations: MLflow versions 3.8.0 and 3.8.1 should be upgraded to version 3.8.2.
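The flaw class in the description, as an added illustration that is not MLflow's code or its 3.8.2 patch: dependency specs pasted into a shell string are re-parsed by the shell, while an argv list keeps each spec as a single argument. All function names and the sample dependency entries are constructed for this example.

```python
import shlex

# Constructed stand-in for the parsed "dependencies" list of a model's
# python_env.yaml (sample data, not taken from a real artifact).
SAMPLE_DEPENDENCIES = [
    "scikit-learn>=1.4",                    # ordinary version constraint
    "requests; python_version >= '3.9'",    # valid PEP 508 environment marker
    "examplepkg==1.0 && echo constructed",  # constructed hostile entry
]


def unsafe_command(deps):
    """Flawed pattern: specs interpolated into one string meant for a shell."""
    return "pip install " + " ".join(deps)


def safe_argv(deps):
    """Hardened pattern: one argv element per spec, for use with
    subprocess.run(argv) and shell=False, so no shell ever parses the specs."""
    return ["python", "-m", "pip", "install", *deps]


def quoted_command(deps):
    """If a shell string cannot be avoided, quote every element."""
    return shlex.join(safe_argv(deps))


def shell_operators(command):
    """Approximate, via shlex tokenization, which control and redirection
    operators a POSIX shell would see unquoted in `command`."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    lex.commenters = ""
    ops = set(lex.punctuation_chars)
    return [tok for tok in lex if tok and all(ch in ops for ch in tok)]


if __name__ == "__main__":
    # Even the legitimate entries are misparsed ('>' becomes a redirect,
    # ';' ends the command), so filtering "bad characters" is not a fix.
    print(shell_operators(unsafe_command(SAMPLE_DEPENDENCIES)))
    print(safe_argv(SAMPLE_DEPENDENCIES))
    print(shell_operators(quoted_command(SAMPLE_DEPENDENCIES)))
```

Because valid requirement syntax already contains characters the shell treats as operators, the dependable mitigation is to keep the shell out of the path entirely; a review of model artifacts before deployment can reuse `shell_operators` to flag entries worth a closer look.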

Exploit · Fix · RCE · Command Injection

Related Identifiers

BIT-MLFLOW-2025-15379
CVE-2025-15379
GHSA-R23Q-823P-VMF7

Affected Products

MLflow