CVE-2025-15379
Command Injection in mlflow/mlflow
CVSS Score
10.0
EPSS Score
0.2%
EPSS Percentile
38th
A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When a model is deployed with `env_manager=LOCAL`, MLflow reads the dependency specifications from the model artifact's `python_env.yaml` file and interpolates them directly into a shell command without sanitization. The trust boundary is the model artifact itself: an attacker who can supply a crafted artifact gets arbitrary command execution on any system that deploys it in this configuration, with the privileges of the deployment process. The advisory lists version 3.8.0 as affected and 3.8.2 as the fixed release; the affected-versions entry below gives the range as anything below 3.8.2.
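As an added illustration (not MLflow's own code and not the patched function), the following Python contrasts the injection pattern the advisory describes with a hardened form. It uses a constructed `python_env.yaml` fragment whose dependency list carries a shell payload, a builder that interpolates the entries into a single shell string, and a builder that validates each specifier against a conservative allowlist and hands it to pip as its own argv element with no shell involved. The YAML reader, the regex and all function names are hypothetical helpers written for this example.

```python
import re
import sys
from typing import List

# Constructed python_env.yaml fragment standing in for the file shipped inside a
# model artifact. Everything under `dependencies:` is attacker-controlled.
SAMPLE_PYTHON_ENV_YAML = """\
python: 3.10.12
build_dependencies:
  - pip
  - setuptools
dependencies:
  - numpy
  - "pandas; echo INJECTED > /tmp/pwned; #"
"""

# Constructed benign dependency list for comparison.
BENIGN_DEPS = ["mlflow==3.8.0", "scikit-learn>=1.3,<2", "numpy"]


def parse_python_env_dependencies(text: str) -> List[str]:
    """Minimal line-based reader for the `dependencies:` list (hypothetical helper
    so the example runs without PyYAML; it only handles the flat layout above)."""
    deps: List[str] = []
    in_deps = False
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if not raw[0].isspace():
            # Top-level key: track whether we are inside `dependencies:`.
            in_deps = stripped == "dependencies:"
            continue
        if in_deps and stripped.startswith("- "):
            deps.append(stripped[2:].strip().strip("\"'"))
    return deps


def build_install_command_vulnerable(deps: List[str]) -> str:
    """The injection pattern: untrusted specifiers joined into one shell line.
    Executed via subprocess.run(cmd, shell=True), the `;` inside a malicious
    entry terminates `pip install` and the remainder runs as a second command."""
    return "pip install " + " ".join(deps)


# Conservative allowlist for a requirement specifier: name, optional extras,
# optional comma-separated version clauses. Deliberately stricter than PEP 508
# (no URLs, environment markers or pip flags such as `-r`), so anything with
# `;`, `|`, `$(`, backticks, quotes or a leading `-` is rejected outright.
_VERSION_CLAUSE = r"(?:===|==|!=|<=|>=|~=|<|>)\s*[A-Za-z0-9.*+!-]+"
_REQUIREMENT_RE = re.compile(
    r"[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?"   # distribution name
    r"(?:\[[A-Za-z0-9._,-]+\])?"                     # optional extras
    r"(?:\s*" + _VERSION_CLAUSE + r"(?:\s*,\s*" + _VERSION_CLAUSE + r")*)?"
)


def is_safe_requirement(spec: str) -> bool:
    """True only if the whole string is a plain name/extras/version specifier."""
    return _REQUIREMENT_RE.fullmatch(spec) is not None


def build_install_command_safe(deps: List[str]) -> List[str]:
    """Hardened form: validate every specifier, then return an argv list meant
    for subprocess.run(argv) with shell=False, so each entry reaches pip as
    exactly one argument and no shell ever parses it."""
    rejected = [d for d in deps if not is_safe_requirement(d)]
    if rejected:
        raise ValueError(f"rejected dependency specifiers: {rejected}")
    return [sys.executable, "-m", "pip", "install", *deps]


if __name__ == "__main__":
    malicious = parse_python_env_dependencies(SAMPLE_PYTHON_ENV_YAML)
    print("vulnerable:", build_install_command_vulnerable(malicious))
    print("safe (benign):", build_install_command_safe(BENIGN_DEPS))
    try:
        build_install_command_safe(malicious)
    except ValueError as exc:
        print("safe (malicious):", exc)
```

Two layers matter here. Dropping `shell=True` and passing an argv list already removes the shell as an interpreter, so the payload would reach pip as one unparseable argument rather than execute; the allowlist is the second layer, and it also stops a specifier from smuggling in pip options or URLs that would change what gets installed.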
| CWE | CWE-77 |
| Vendor | mlflow |
| Product | mlflow/mlflow |
| Published | Mar 30, 2026 |
| Last Updated | Mar 31, 2026 |
CVSS v3 Breakdown
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Versions
mlflow / mlflow/mlflow
unspecified < 3.8.2