{"data":{"id":"6ffc0a9a-08ab-42a8-8987-36ca1b90ba95","title":"CVE-2025-15381: In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not p","summary":"In MLflow (a machine learning tool for managing experiments), when basic authentication is enabled, certain endpoints that show trace information (a record of how the AI made decisions) and allow users to assess traces are not properly checking user permissions. This means any logged-in user can view traces and create assessments even if they shouldn't have access to them, risking exposure of sensitive information and unauthorized changes.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-15381","publishedAt":"2026-03-27T17:16:26.573Z","cveId":"CVE-2025-15381","cweIds":["CWE-200"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["MLflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-03-27T17:16:26.573Z","capecIds":["CAPEC-116"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}