{"data":{"id":"c239ca46-17da-47dc-bf3b-58b5c068de29","title":"CVE-2025-10279: In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions","summary":"MLflow version 2.20.3 has a vulnerability where temporary directories used to create Python virtual environments are set with world-writable permissions (meaning any user on the system can read, write, and execute files there). An attacker with access to the `/tmp` directory can exploit a race condition (a situation where timing allows an attacker to interfere with an operation before it completes) to overwrite Python files in the virtual environment and run arbitrary code.","solution":"The issue is resolved in mlflow version 3.4.0; upgrade to version 3.4.0 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-10279","publishedAt":"2026-02-02T16:16:16.867Z","cveId":"CVE-2025-10279","cweIds":["CWE-379"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["MLflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00017,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}