Description

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency specifications from the model artifact's `python_env.yaml` file and directly interpolates them into a shell command without sanitization. This allows an attacker to supply a malicious model artifact and achieve arbitrary command execution on systems that deploy the model. The vulnerability affects versions 3.8.0 and is fixed in version 3.8.2.

INFO

Published Date :

2026-03-30T07:16:57.610Z

Last Modified :

2026-03-31T13:50:57.378Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2025-15379 vulnerability.

Vendors Products
Mlflow
  • Mlflow
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-15379.

URL Resource
https://github.com/mlflow/mlflow/commit/361b6f620adf98385c6721e384fb5ef9a30bb05e cve-icon cve-icon cve-icon
https://huntr.com/bounties/dc9c1c20-7879-4050-87df-4d095fe5ca75 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-15379 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-15379 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact