CVE-2025-11201

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-11201

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11201.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-11201

Aliases

Published

2025-10-29T20:15:35Z

Modified

2025-11-07T11:43:35.773746Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of model file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26921.

References

Affected packages

Git / github.com/b-step62/mlflow

Affected ranges

Type: GIT
Repo: https://github.com/b-step62/mlflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2e02bc7bb70df243e6eb792689d9b8eba0013161