CVE-2025-10279

NONE EPSS 11.8%
Published Feb 2, 2026 · Modified Jun 17, 2026

Description

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the `/tmp` directory to exploit a race condition and overwrite `.py` files in the virtual environment, leading to arbitrary code execution. The issue is resolved in version 3.4.0.

Threat Intelligence

EPSS Exploit Probability
11.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-379

Affected Products 1

Vendor      Product   Version   Range
lfprojects  mlflow    *         <3.4.0

References 2

  • github.com https://github.com/mlflow/mlflow/commit/1d7c8d4cf0a67d407499a8a4ffac387ea4f8194a
    Patch
  • huntr.com https://huntr.com/bounties/01d3b81e-13d1-43aa-b91a-443aec68bdc8
    Exploit, Third Party Advisory

Remediation

  • github.com https://github.com/mlflow/mlflow/commit/1d7c8d4cf0a67d407499a8a4ffac387ea4f8194a
    Patch