CNNVD-202510-3948 Information

CNNVD ID

CNNVD-202510-3948

Related CVE

CVE-2025-11201

• CNNVD Published: 2025-10-29

Description (Chinese)

MLflow是MLflow开源的一个简化机器学习开发的平台，包括跟踪实验、将代码打包成可重复的运行以及共享和部署模型。 MLflow存在路径遍历漏洞，该漏洞源于对模型文件路径处理不当，可能导致远程代码执行。

Description (English)

MLFlow is a simplified machine learning development platform for the MLFlow Open Source, which includes tracking experiments, packing codes into duplicated operations and sharing and deployment models. MLFlow has a loophole in its path, which results from inappropriate handling of the model file path, which may lead to remote code execution.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

MLflow

Published

2025-10-29

Last Modified

2026-02-24

References

https://github.com/B-Step62/mlflow/commit/2e02bc7bb70df243e6eb792689d9b8eba0013161 https://www.zerodayinitiative.com/advisories/ZDI-25-931/

Patch

https://github.com/B-Step62/mlflow/commit/2e02bc7bb70df243e6eb792689d9b8eba0013161