CVE-2025-15379 · CRITICAL 9.8 · EPSS p81.5%


Description

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency specifications from the model artifact's `python_env.yaml` file and directly interpolates them into a shell command without sanitization. This allows an attacker to supply a malicious model artifact and achieve arbitrary command execution on systems that deploy the model. The vulnerability affects version 3.8.0 and is fixed in version 3.8.2.
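An added illustration of the weakness class described above (not MLflow's code or its fix): a dependency string interpolated into a shell command is parsed for shell operators, while validated entries passed as separate argv elements are not. The function names, the allow-list pattern and the sample entries are assumptions constructed for this example.

```python
import re
import shlex
import sys

# Narrow allow-list for one requirement: name, optional extras, optional
# version specifiers. Stricter than PEP 508 on purpose: URLs, markers and
# pip options such as "-r file" are flagged for manual review.
_OP = r"(?:==|!=|<=|>=|~=|<|>)"
_VER = r"[A-Za-z0-9.*+!_-]+"
_REQ = re.compile(
    r"[A-Za-z0-9][A-Za-z0-9._-]*"          # distribution name
    r"(?:\[[A-Za-z0-9._,-]+\])?"           # extras
    rf"(?:{_OP}{_VER}(?:,{_OP}{_VER})*)?"  # version specifiers
)

def audit_dependencies(deps):
    """Return the entries that fail the allow-list (empty list = clean)."""
    return [d for d in deps if not (isinstance(d, str) and _REQ.fullmatch(d))]

def interpolated_command(deps):
    """The vulnerable pattern in generic form; built only for inspection."""
    return "pip install " + " ".join(deps)

def shell_control_tokens(command):
    """Operators a POSIX shell would act on (approximation via shlex)."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return [tok for tok in lexer if tok and set(tok) <= set("();<>|&")]

def build_install_argv(deps):
    """Hardened form: validated entries become discrete argv elements."""
    rejected = audit_dependencies(deps)
    if rejected:
        raise ValueError(f"untrusted dependency entries: {rejected!r}")
    # Intended for subprocess.run(argv, shell=False): no shell parses these.
    return [sys.executable, "-m", "pip", "install", *deps]

if __name__ == "__main__":
    # Constructed sample entries, not taken from any real model artifact.
    clean = ["numpy==1.26.4", "scikit-learn==1.4.2"]
    tainted = clean + ["numpy==1.26.4; echo INJECTED"]
    print(shell_control_tokens(interpolated_command(tainted)))
    print(audit_dependencies(tainted))
    print(build_install_argv(clean))
```

Running the audit over a model artifact's dependency entries before deployment gives a pre-flight check that does not depend on the installed MLflow version.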

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.36% probability of exploitation · percentile 81.5% · 2026-06-18T12:00:27Z
Published: 2026-03-30
Last modified: 2026-04-28

Underlying weaknesses · 1

CWE-77

References

  1. https://github.com/mlflow/mlflow/commit/361b6f620adf98385c6721e384fb5ef9a30bb05e
  2. https://huntr.com/bounties/dc9c1c20-7879-4050-87df-4d095fe5ca75


Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Special Elements used in a Command ('Command Injection') (cwe-77) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-14287
  2. CVE-2025-15031
  3. CVE-2025-15036
  4. CVE-2025-11201
  5. CVE-2026-2033
  6. CVE-2025-14279

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.