Command Injection Vulnerability in MLflow Model Serving
CVE-2025-15379

10CRITICAL

Key Information:

Vendor: Mlflow
Status: Mlflow/mlflow
Vendor: CVE Published:; 30 March 2026

What is CVE-2025-15379?

A command injection vulnerability has been identified in MLflow's model serving container initialization code, specifically within the _install_model_dependencies_to_env() function. The issue arises when deploying a model using env_manager=LOCAL, as MLflow reads dependency specifications from the model artifact's python_env.yaml file and directly embeds them into a shell command without appropriate sanitization. This oversight allows an attacker to introduce a malicious model artifact that can lead to arbitrary command execution on systems utilizing the model, posing significant security risks.

Affected Version(s)

mlflow/mlflow < 3.8.2

References

https://huntr.com/bounties/dc9c1c20-7879-4050-87df-4d095f...

https://github.com/mlflow/mlflow/commit/361b6f620adf98385...

CVSS V3.0

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 30, 2026
Vulnerability Reserved
Dec 30, 2025

CVE-2025-15379 Data

JSON

Mlflow

What is CVE-2025-15379?

Affected Version(s)

References

CVSS V3.0

Timeline