CVE-2025-15381 — HIGH (7.1)

Vulnerability Description

In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with `NO_PERMISSIONS` on the experiment, to read trace information and create assessments for traces they should not have access to. This vulnerability impacts confidentiality by exposing trace metadata and integrity by allowing unauthorized creation of assessments. Deployments using `mlflow server --app-name=basic-auth` are affected.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Lfprojects	Mlflow	-

Related Weaknesses (CWE)

CWE-200

References

https://huntr.com/bounties/149fb2f9-ef4b-4136-a25c-20563451904cThird Party AdvisoryExploit

FAQ

What is CVE-2025-15381?

CVE-2025-15381 is a vulnerability with a CVSS score of 7.1 (HIGH). In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including...

How severe is CVE-2025-15381?

CVE-2025-15381 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-15381?

Check the references section above for vendor advisories and patch information. Affected products include: Lfprojects Mlflow.