CVE-2025-14287 | MLflow up to 3.6.x os.system container code injection

Inserito da Angelo Barbosa | Mar 15, 2026 | CVE

A vulnerability was found in MLflow up to 3.6.x. It has been rated as critical. This issue affects the function os.system. The manipulation of the argument container leads to code injection.

This vulnerability is listed as CVE-2025-14287. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is advised.

CVE-2025-14287 | MLflow up to 3.6.x os.system container code injection

Post correlati

CVE-2024-22026 | Ivanti EPMM prior 11.12.0.1/12.0.0.0/12.1.0.0 access control

CVE-2024-46705 | Linux Kernel up to 6.10.6 DRM Privilege Escalation (b1c9fbed3884/c7117419784f)

CVE-2025-13410 | Campcodes Retro Basketball Shoes Online Store 1.0 /admin/receipt.php tid sql injection

CVE-2024-0456 | GitLab prior 16.6.6/16.7.4/16.8.1 MR improper authorization (Issue 430726)