CVE-2025-10279
Severity: NONE · EPSS: 11.8%
Published Feb 2, 2026 · Last Modified Jun 17, 2026
Description
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is created with insecure world-writable permissions (0o777). Because the directory lives under `/tmp`, any principal that can write to `/tmp` (on a typical system, every local user) can write into it. By winning the race between the directory's creation and the moment the environment is used, an attacker can replace or pre-create `.py` files in the virtual environment; the interpreter then executes the attacker's code with the privileges of the mlflow process, giving arbitrary code execution. The issue is resolved in version 3.4.0.
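The following is an added example, not mlflow's code and not the fix commit. It reproduces the CWE-379 pattern the description names (a virtualenv staging directory under a shared location opened to 0o777), puts the hardened pattern beside it (`tempfile.mkdtemp()`, which yields 0o700 regardless of umask, plus an `O_EXCL|O_NOFOLLOW` write that refuses planted files and symlinks), and adds a small audit helper for finding world-writable directories that lack the sticky bit. All function names (`create_venv_dir_insecure`, `create_venv_dir_secure`, `find_insecure_dirs`, `write_py_file_safely`) are hypothetical, and the directories it creates are constructed inside a throwaway temp root.

```python
"""CWE-379 demonstration: insecure vs hardened temp-directory handling.

Constructed example; not mlflow's implementation. Runs on POSIX systems.
"""
import os
import stat
import tempfile


def create_venv_dir_insecure(base: str, name: str = "venv") -> str:
    """Vulnerable pattern: a predictable directory under a shared base that is
    then opened to everyone (0o777, no sticky bit). Any local user can now
    pre-create, replace or symlink .py files before the interpreter runs them."""
    path = os.path.join(base, name)
    os.makedirs(path, exist_ok=True)
    os.chmod(path, 0o777)  # the insecure permission named in the advisory
    return path


def create_venv_dir_secure(base: str) -> str:
    """Hardened pattern: mkdtemp() creates a fresh, unpredictably named directory
    with mode 0o700 irrespective of the process umask, so only the owner can
    add or rename entries and there is no window for another user to race."""
    return tempfile.mkdtemp(prefix="venv-", dir=base)


def dir_mode(path: str) -> int:
    """Permission bits of path (type bits stripped), without following symlinks."""
    return stat.S_IMODE(os.lstat(path).st_mode)


def is_world_writable_no_sticky(path: str) -> bool:
    """True when anyone may create entries in the directory and the sticky bit
    does not stop other users from renaming or unlinking the owner's entries,
    which is the precondition for the overwrite race described above."""
    mode = dir_mode(path)
    return bool(mode & stat.S_IWOTH) and not bool(mode & stat.S_ISVTX)


def find_insecure_dirs(root: str) -> list:
    """Audit helper: walk root and return subdirectories in the insecure state.
    Symlinked directories are skipped so an attacker-planted link is not
    mistaken for a real directory."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            full = os.path.join(dirpath, d)
            if not os.path.islink(full) and is_world_writable_no_sticky(full):
                hits.append(full)
    return sorted(hits)


def write_py_file_safely(directory: str, filename: str, source: str) -> str:
    """Write a .py file into the venv directory without trusting the directory
    contents: O_CREAT|O_EXCL fails if the name already exists (an attacker's
    pre-created file), O_NOFOLLOW refuses a planted symlink, and 0o600 keeps
    the result owner-only. Raises FileExistsError on a collision."""
    path = os.path.join(directory, filename)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(source)
    return path


if __name__ == "__main__":
    # Constructed demo root; nothing here touches the real /tmp layout.
    with tempfile.TemporaryDirectory() as root:
        bad = create_venv_dir_insecure(root)
        good = create_venv_dir_secure(root)
        print("insecure dir mode:", oct(dir_mode(bad)))
        print("secure dir mode:  ", oct(dir_mode(good)))
        print("audit hits:", find_insecure_dirs(root))
```

Run the audit helper against an mlflow host's temp locations (`/tmp`, or whatever `TMPDIR` points at) to confirm that no world-writable, non-sticky staging directories are left behind by a pre-3.4.0 install; the `O_EXCL|O_NOFOLLOW` write is the check to apply in any code that populates a directory it did not create with private permissions.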
Threat Intelligence
EPSS Exploit Probability: 11.8%
Exploit & Patch Status
- Public exploit known
- Patch available
Weaknesses (1)
- CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Affected Products (1)
| Vendor | Product | Version | Range |
|---|---|---|---|
| lfprojects | mlflow | * | <3.4.0 |
References (2)
- github.com https://github.com/mlflow/mlflow/commit/1d7c8d4cf0a67d407499a8a4ffac387ea4f8194a
- huntr.com https://huntr.com/bounties/01d3b81e-13d1-43aa-b91a-443aec68bdc8
Remediation
- Upgrade mlflow to version 3.4.0 or later.
- Fix commit: github.com https://github.com/mlflow/mlflow/commit/1d7c8d4cf0a67d407499a8a4ffac387ea4f8194a