Primary

Context

MLflow Path Traversal Vulnerability Allowing Arbitrary File Read

Vulnerability

A path traversal vulnerability has been identified in MLflow version 2.15.1. This vulnerability arises when users configure and utilize the DBFS service, as it allows for arbitrary file reading by concatenating the URL directly into the file protocol. The issue occurs because only the path component of the URL is validated, leaving query parameters unchecked. Exploitation of this vulnerability requires the DBFS service to be configured and mounted to a local directory.

Impact

Exploitation of this vulnerability allows for arbitrary file reading on the system where MLflow is running.

Reproduction

The vulnerability can be reproduced by configuring the DBFS service in MLflow and mounting it to a local directory. Once this is done, a request can be made that includes a crafted file URI that exploits the path traversal flaw, such as one that includes relative path components to traverse directories and access arbitrary files.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

0.8

exploitability

6.2

remediation

0.0

relevance

0.0

threat

6.9

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

0.8

exploitability

6.2

remediation

0.0

relevance

0.0

threat

6.9

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MLflow Path Traversal Vulnerability Allowing Arbitrary File Read

Vulnerability

Impact

Reproduction

Affected Products

mlflow/mlflow

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating