CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the `mlflow/sagemaker/__init__.py` file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, which are then executed using `os.system()`. This allows attackers to execute arbitrary commands by supplying malicious input through the `--container` parameter of the CLI. The issue affects environments where MLflow is used, including development setups, CI/CD pipelines, and cloud deployments.
Analysis
This is a command injection vulnerability in MLflow versions before v3.7.0 that allows attackers to execute arbitrary commands by injecting malicious input through the `--container` parameter when deploying models to SageMaker. The vulnerability affects MLflow installations in development environments, CI/CD pipelines, and cloud deployments, with a CVSS score of 7.5 indicating high severity. No active exploitation or KEV listing is reported, and no EPSS data is available to assess real-world exploitation likelihood.
Technical Context
The vulnerability exists in the mlflow/sagemaker/__init__.py file where user-supplied container image names are directly interpolated into shell commands and executed via os.system() without proper sanitization. Based on the CPE identifier (cpe:2.3:a:mlflow:mlflow/mlflow:*:*:*:*:*:*:*:*), all MLflow versions prior to v3.7.0 are affected. This is classified as CWE-94 (Improper Control of Generation of Code), a dangerous weakness class that allows attackers to inject and execute arbitrary code through unsanitized input that gets interpreted as code rather than data.
Affected Products
All versions of MLflow prior to v3.7.0 are affected, specifically installations that use the SageMaker deployment functionality. The EUVD lists affected versions as 'mlflow/mlflow unspecified ≤latest', confirming all versions up to the patch release are vulnerable. The vulnerability impacts MLflow deployments in development environments, CI/CD pipelines, and cloud deployments where the SageMaker integration is utilized.
Remediation
Upgrade to MLflow version 3.7.0 or later, which contains the fix for this vulnerability. No specific vendor advisory is linked in the references beyond the HuntrAI bounty report. As a workaround, organizations should validate and sanitize any user-supplied container image names before passing them to MLflow's SageMaker deployment functions, or restrict access to the MLflow SageMaker deployment functionality to trusted users only.
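The workaround above, as an added example that is not MLflow's code or its actual fix: it shows the string-interpolation pattern the advisory describes beside a validated, shell-free form. The `docker push` command line, the function names, the allowlist regex and the sample inputs are assumptions of this example.

```python
import re
import subprocess

# Conservative allowlist (an assumption of this example, stricter than Docker's
# full reference grammar): [registry[:port]/]path[:tag][@sha256:<64 hex>]
_COMPONENT = r"[a-z0-9]+(?:[._-]+[a-z0-9]+)*"
_IMAGE_REF = re.compile(
    rf"(?:{_COMPONENT}(?::[0-9]{{1,5}})?/)?"      # optional registry host[:port]
    rf"{_COMPONENT}(?:/{_COMPONENT})*"            # repository path
    r"(?::[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})?"    # optional tag
    r"(?:@sha256:[0-9a-f]{64})?"                  # optional digest
)

def validate_image_ref(ref: str) -> str:
    """Return ref unchanged if it is a plain image reference, else raise."""
    if len(ref) > 255 or not _IMAGE_REF.fullmatch(ref):
        raise ValueError(f"rejected container image name: {ref!r}")
    return ref

def unsafe_shell_string(image: str) -> str:
    # The pattern the advisory describes: one string for os.system(), which
    # /bin/sh re-parses, so metacharacters in `image` become shell syntax.
    return f"docker push {image}"

def build_push_argv(image: str) -> list[str]:
    # Hardened form: the validated value travels as a single argv element.
    return ["docker", "push", validate_image_ref(image)]

def push_image(image: str) -> None:
    # shell=False (the default): no shell ever parses the image name.
    subprocess.run(build_push_argv(image), check=True)

# Constructed sample inputs for this example.
ACCEPTED = ["mlflow-pyfunc", "mlflow-pyfunc:3.7.0",
            "123456789012.dkr.ecr.us-east-1.amazonaws.com/mlflow-pyfunc:latest",
            "localhost:5000/team/model_server"]
REJECTED = ["mlflow-pyfunc; echo injected", "mlflow-pyfunc$(echo x)",
            "mlflow-pyfunc`echo x`", "mlflow pyfunc", "--help", ""]

def check_samples() -> dict[str, bool]:
    """Map each sample to True (accepted) or False (rejected)."""
    results = {}
    for ref in ACCEPTED + REJECTED:
        try:
            validate_image_ref(ref)
            results[ref] = True
        except ValueError:
            results[ref] = False
    return results
```

The allowlist also rejects values that begin with `-`, so a container name cannot be read by the called program as an option.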
EUVD-2025-208671
GHSA-xch3-2f9x-wh9f