CVE-2025-15031
MLflow Arbitrary File Write via Tar Archive Extraction
Halo Surface Signal: 3 out of 5 — possibly public-facing.
A vulnerability in MLflow allows arbitrary file writes due to improper handling of tar archive entries, potentially leading to system compromise. This impacts systems processing untrusted artifacts, particularly in multi-tenant environments.