CVE-2025-15036 | MLflow up to 3.8.x dbconnect_artifact_cache.py extract_archive_to_dir path traversal

Inserito da Angelo Barbosa | Mar 30, 2026 | CVE

A vulnerability categorized as critical has been discovered in MLflow up to 3.8.x. This issue affects the function extract_archive_to_dir of the file mlflow/pyfunc/dbconnect_artifact_cache.py. The manipulation results in path traversal: ‘..filename’.

This vulnerability was named CVE-2025-15036. The attack may be performed from remote. There is no available exploit.

It is advisable to upgrade the affected component.

CVE-2025-15036 | MLflow up to 3.8.x dbconnect_artifact_cache.py extract_archive_to_dir path traversal

Post correlati

CVE-2024-29791 | Mad Fish Digital Bulk NoIndex & NoFollow Toolkit Plugin up to 2.01 on WordPress cross site scripting

CVE-2024-10562 | 10Web Form Maker Plugin up to 1.15.30 on WordPress Setting cross site scripting

CVE-2025-61619 | Unisoc T8100/T9100/T8200/T8300 nr Modem denial of service

CVE-2024-7994 | Autodesk Revit 2024/2025 RFA File stack-based overflow