CVE-2024-8859: A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, co
Summary
MLflow version 2.15.1 has a path traversal vulnerability (a flaw that lets an attacker reach files outside the directory a service is meant to expose) in its dbfs service that allows arbitrary file reading. The root cause is that the service validates only the path portion of the incoming URL; the query string and other URL components are not checked, yet they end up in the local file path that is opened. The flaw is reachable only when the dbfs service is configured and mounted to a local directory.
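The following is an added illustrative example, not MLflow's code and not the fix in the referenced commit. It models the bug class described above: a resolver that inspects only the URL path for `..` and then concatenates the query string and fragment back onto the local path, beside a hardened resolver that rejects anything other than a bare path, percent-decodes before checking, and verifies that the normalized result stays under the mount root. The mount root `/srv/dbfs`, the function names and the request strings are all constructed for the example.

```python
import os
from urllib.parse import unquote, urlparse


def escapes_root(root: str, candidate: str) -> bool:
    """True if `candidate`, after normalization, lies outside `root`."""
    root_abs = os.path.abspath(root)
    cand_abs = os.path.abspath(candidate)
    return os.path.commonpath([root_abs, cand_abs]) != root_abs


def vulnerable_resolve(root: str, url: str) -> str:
    """Illustrative model of the flawed pattern: only the URL *path* is checked.

    The query string and fragment are glued back onto the local path unchecked,
    so traversal segments hidden there survive the check and are honoured by
    os.path.normpath / the filesystem.
    """
    parsed = urlparse(url)
    if ".." in parsed.path.split("/"):      # the only validation performed
        raise ValueError("path traversal rejected")
    local = parsed.path
    if parsed.query:                        # unchecked components re-attached
        local += "?" + parsed.query
    if parsed.fragment:
        local += "#" + parsed.fragment
    return os.path.normpath(os.path.join(root, local))


def safe_resolve(root: str, url: str) -> str:
    """Hardened resolver (constructed for this example).

    1. Accept a bare path only: any scheme, authority, params, query or
       fragment is an error rather than something to concatenate.
    2. Percent-decode *before* inspecting, so %2e%2e is seen as '..'.
    3. Resolve relative to the root and confirm containment on the
       normalized absolute path instead of pattern-matching segments.
    """
    parsed = urlparse(url)
    if parsed.scheme or parsed.netloc or parsed.params or parsed.query or parsed.fragment:
        raise ValueError("only a bare relative path is accepted")
    rel = unquote(parsed.path)
    if "\x00" in rel:
        raise ValueError("NUL byte in path")
    rel = rel.lstrip("/")                    # never let os.path.join discard the root
    root_abs = os.path.abspath(root)
    candidate = os.path.normpath(os.path.join(root_abs, rel))
    if escapes_root(root_abs, candidate):
        raise ValueError("resolved path escapes the mount root")
    return candidate


def rejects(root: str, url: str) -> bool:
    """Helper for tests: does safe_resolve refuse this request?"""
    try:
        safe_resolve(root, url)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    ROOT = "/srv/dbfs"                       # constructed mount root
    # Benign request works in both resolvers.
    print(vulnerable_resolve(ROOT, "artifacts/model.pkl"))
    # Traversal in the path is caught by the naive check ...
    try:
        vulnerable_resolve(ROOT, "artifacts/../../../etc/passwd")
    except ValueError as e:
        print("naive check caught:", e)
    # ... but the same traversal in the query string is not.
    print(vulnerable_resolve(ROOT, "artifacts?/../../../etc/passwd"))
    # The hardened resolver refuses every non-bare-path form.
    for req in ("artifacts?/../../../etc/passwd",
                "artifacts#/../../../etc/passwd",
                "artifacts/%2e%2e/%2e%2e/etc/passwd"):
        print(req, "->", "rejected" if rejects(ROOT, req) else safe_resolve(ROOT, req))
```

The containment check in `safe_resolve` is the property worth keeping: whatever the input looks like after decoding and normalization, the resulting absolute path must share the mount root as a prefix. Segment blacklists on one URL component, as in `vulnerable_resolve`, fail as soon as the traversal arrives through a component that was not inspected.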
Solution / Mitigation
A patch is available at https://github.com/mlflow/mlflow/commit/7791b8cdd595f21b5f179c7b17e4b5eb5cbbe654
Vulnerability Details
EPSS (Exploit Prediction Scoring System) score: 26.9%
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-8859
First tracked: February 15, 2026 at 08:46 PM
Classified by LLM (prompt v3) · confidence: 85%