CVE-2025-11201

Опубликовано: 29 окт. 2025

Источник: nvd

CVSS3: 8.1

CVSS3: 9.8

EPSS Средний

Описание

MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of model file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26921.

Ссылки

https://github.com/B-Step62/mlflow/commit/2e02bc7bb70df243e6eb792689d9b8eba0013161
Patch
https://www.zerodayinitiative.com/advisories/ZDI-25-931/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*

Версия до 2025-06-10 (исключая)

EPSS

Процентиль: 95%

0.1946

Средний

8.1 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-5cvj-7rg6-jggj

CVSS3: 8.1

github

3 месяца назад

MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability

EPSS

Процентиль: 95%

0.1946

Средний

8.1 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-22