CNNVD-202510-3951 Information
Oct 29, 2025
cve
CNNVD ID
CNNVD-202510-3951
Related CVE
- CNNVD Published: 2025-10-29
Description (Chinese)
MLflow是MLflow开源的一个简化机器学习开发的平台,包括跟踪实验、将代码打包成可重复的运行以及共享和部署模型。 MLflow存在安全漏洞,该漏洞源于密码要求较弱,可能导致远程攻击者绕过身份验证。
Description (English)
MLFlow is a simplified machine learning development platform for the MLFlow Open Source, which includes tracking experiments, packing codes into duplicated operations and sharing and deployment models. MLFlow had a security loophole, which stemmed from weak password requirements and could lead to remote attackers bypassing identification.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
MLflow
Published
2025-10-29
Last Modified
2026-02-24
References
https://github.com/mlflow/mlflow/commit/1f74f3f24d8273927b8db392c23e108576936c54 https://www.zerodayinitiative.com/advisories/ZDI-25-932/
Patch
https://github.com/mlflow/mlflow/commit/1f74f3f24d8273927b8db392c23e108576936c54
Share on: