PyPI: mlflow
CVE-2025-15381
Safety vulnerability ID: SFTY-20260327-54769
In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with `NO_PERMISSIONS` on the experiment, to read trace information and create assessments for traces they should not have access to. This vulnerability impacts confidentiality by exposing trace metadata and integrity by allowing unauthorized creation of assessments. Deployments using `mlflow server --app-name=basic-auth` are affected.
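The failure mode is a route allowlist that only checks routes it knows about. The following is an added illustration, not mlflow's own code: a before-request permission dispatcher keyed on `(path, method)` that falls through for unlisted routes (fail-open) beside one that denies by default (fail-closed). The experiment paths are mlflow REST paths; the trace path, the users and the permission table are constructed for this example.

```python
# Hypothetical model of the bug class in the advisory: endpoints missing from
# the validator table are never permission-checked. Not mlflow's code.
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    name: str
    can_read: bool
    can_update: bool


READ = Permission("READ", True, False)
EDIT = Permission("EDIT", True, True)
NO_PERMISSIONS = Permission("NO_PERMISSIONS", False, False)

# Constructed sample: each user's permission on experiment "exp-1".
USER_EXPERIMENT_PERMS = {
    ("alice", "exp-1"): EDIT,
    ("bob", "exp-1"): NO_PERMISSIONS,
}


def validate_can_read(user, experiment_id):
    return USER_EXPERIMENT_PERMS.get((user, experiment_id), NO_PERMISSIONS).can_read


def validate_can_update(user, experiment_id):
    return USER_EXPERIMENT_PERMS.get((user, experiment_id), NO_PERMISSIONS).can_update


# The table covers experiment endpoints but has no entry for the (assumed)
# trace/assessment routes, which is exactly the gap described above.
VALIDATORS = {
    ("/api/2.0/mlflow/experiments/get", "GET"): validate_can_read,
    ("/api/2.0/mlflow/experiments/update", "POST"): validate_can_update,
}


def authorize_fail_open(user, path, method, experiment_id):
    """Vulnerable pattern: a route with no validator is allowed through."""
    validator = VALIDATORS.get((path, method))
    return True if validator is None else validator(user, experiment_id)


def authorize_fail_closed(user, path, method, experiment_id):
    """Hardened pattern: a route with no validator is denied by default."""
    validator = VALIDATORS.get((path, method))
    return False if validator is None else validator(user, experiment_id)
```

With the fail-closed dispatcher, adding a new endpoint without a validator produces a visible 403 during testing instead of a silent authorization bypass.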
Overview
MLFlow allows Tracing + Assessments Access
How to Fix
We recommend updating mlflow to the latest non-vulnerable version.
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20260327-54769/CVE-2025-15381
- https://nvd.nist.gov/vuln/detail/CVE-2025-15381
- https://huntr.com/bounties/149fb2f9-ef4b-4136-a25c-20563451904c
- https://github.com/mlflow/mlflow/blob/b569ebc74c14af593c326143bee2df44a5d59edf/mlflow/server/auth/__init__.py#L752
- https://github.com/advisories/GHSA-g6pg-52vf-843h
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
