CVE-2025-15381
8.1
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
In the latest version of mlflow/mlflow, when the basic-auth app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with NO_PERMISSIONS on the experiment, to read trace information and create assessments for traces they should not have access to. This vulnerability impacts confidentiality by exposing trace metadata and integrity by allowing unauthorized creation of assessments. Deployments using mlflow server --app-name=basic-auth are affected.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| mlflow | mlflow/mlflow | unspecified <= latest | affected |
Weaknesses
- CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
mlflow/mlflow: mlflow/mlflow: Information disclosure and unauthorized data modification via unprotected tracing and assessment endpoints
Additional References
- https://access.redhat.com/security/cve/CVE-2025-15381
- https://bugzilla.redhat.com/show_bug.cgi?id=2452341
- https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15381.json
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.