CNNVD-202506-2961 Information

CNNVD ID

CNNVD-202506-2961

Related CVE

CVE-2025-52967

• CNNVD Published: 2025-06-23

Description (Chinese)

MLflow是MLflow开源的一个简化机器学习开发的平台，包括跟踪实验、将代码打包成可重复的运行以及共享和部署模型。 MLflow 3.1.0之前版本存在代码问题漏洞，该漏洞源于缺少gateway_path验证。

Description (English)

MLFlow is a simplified machine learning development platform for the MLFlow Open Source, which includes tracking experiments, packing codes into duplicated operations and sharing and deployment models. Before MLFlow 3.1.0, there was a code gap, which stemmed from the lack of gateway path authentication.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

MLflow

Published

2025-06-23

Last Modified

2026-02-24

References

https://github.com/mlflow/mlflow/pull/15970 https://github.com/mlflow/mlflow/releases/tag/v3.1.0 https://github.com/mlflow/mlflow/issues/15944 https://access.redhat.com/security/cve/cve-2025-52967

Patch

https://github.com/mlflow/mlflow/releases