What is CVE-2025-15031?

CVE-2025-15031 is a high-severity vulnerability in Mlflow Mlflow/mlflow, classified under Path Traversal. CVSS score: 8.1/10. Published 2026-03-18.

How severe is CVE-2025-15031?

High severity. CVSS v3 base score is 8.1 out of 10.

Path Traversal in Mlflow Mlflow/mlflow

CVE-2025-15031

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files cont…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.003 (56.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Mlflow Mlflow/mlflow — versions unspecified

Weakness classification (CWE)

CWE-22 — Path Traversal

References

huntr.com/bounties/09856f77-f968-446f-a930-657d126efe4e

Frequently asked questions

What is CVE-2025-15031?: CVE-2025-15031 is a high-severity vulnerability in Mlflow Mlflow/mlflow, classified under Path Traversal. CVSS score: 8.1/10. Published 2026-03-18.
How severe is CVE-2025-15031?: High severity. CVSS v3 base score is 8.1 out of 10.