CVE-2025-15379 | MLflow up to 3.8.1 Model _install_model_dependencies_to_env command injection

A vulnerability was found in MLflow up to 3.8.1. It has been declared as critical. Impacted is the function _install_model_dependencies_to_env of the component Model Handler. The manipulation results in command injection.

This vulnerability is known as CVE-2025-15379. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More