Is CVE-2025-15036 actively exploited?

CVE-2025-15036 has no public evidence of in-the-wild exploitation as of 2026-04-28.

What is the CVSS score for CVE-2025-15036?

CVE-2025-15036 has a CVSS score of 10 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

How do I patch CVE-2025-15036?

Patch guidance is available from lfprojects security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2025-15036.

Fix CVE-2025-15036 - CRITICAL lfprojects mlflow

Description

A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An attacker with control over the tar.gz file can exploit this issue to overwrite arbitrary files or gain elevated privileges, potentially escaping the sandbox directory in multi-tenant or shared cluster environments.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-29

Metadata

Primary Vendor: LFPROJECTS
Published: 3/30/2026
Last Modified: 4/28/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

lfprojects : mlflow

Remediation Guidance

Executive Summary

Cite this page

CVE-2025-15036. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2025-15036

View on NIST NVD

CVE-2025-15036 vulnerability