CVE-2025-15379: A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_
Summary
MLflow has a command injection vulnerability (a type of attack where an attacker inserts malicious commands into input that gets executed) in its model serving code when deploying models with `env_manager=LOCAL`. The vulnerability occurs because MLflow reads dependency information from a file called `python_env.yaml` in the model artifact and directly uses it in a shell command without checking if it's safe, allowing an attacker to execute arbitrary commands on the system deploying the model.
Solution / Mitigation
Update MLflow to version 3.8.2, which fixes the vulnerability. Version 3.8.0 is affected.
Vulnerability Details
EPSS: 0.0%
March 30, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-15379
First tracked: March 30, 2026 at 08:07 AM
Classified by LLM (prompt v3) · confidence: 95%