CVE-2025-10279
Unknown Unknown - Not Provided
Insecure Permissions in MLflow Virtualenv Allow Code Execution

Publication date: 2026-02-02

Last updated on: 2026-04-14

Assigner: huntr.dev

Description
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the `/tmp` directory to exploit a race condition and overwrite `.py` files in the virtual environment, leading to arbitrary code execution. The issue is resolved in version 3.4.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-02
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2026-02-02
EPSS Evaluated
2026-06-15
NVD
CVE-2025-10279
EUVD
EUVD-2025-206598
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
lfprojects mlflow to 3.4.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-379 The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments was assigned insecure world-writable permissions (0o777). This means anyone with write access to the /tmp directory could exploit a race condition to overwrite .py files in the virtual environment, potentially leading to arbitrary code execution. The issue was fixed by changing the permissions to 0o750, restricting write access and improving security. [1]

Impact Analysis

This vulnerability can allow an attacker with write access to the /tmp directory to execute arbitrary code by overwriting Python files in the virtual environment. This could lead to privilege escalation, unauthorized code execution, and compromise of the system or application running mlflow. [1]

Detection Guidance

You can detect this vulnerability by checking the permissions of the temporary directories created by mlflow for Python virtual environments. Specifically, look for directories with world-writable permissions (mode 0o777) in the /tmp directory or wherever mlflow creates its temporary directories. A command to find such directories is: `find /tmp -type d -perm 0777 -ls`. Additionally, verify if your mlflow version is 2.20.3, which is vulnerable. [1]

Mitigation Strategies

Immediately upgrade mlflow to version 3.4.0 or later, where the issue is fixed by changing the temporary directory permissions from 0o777 to 0o750, reducing unauthorized write access. As a temporary mitigation, you can manually change the permissions of the temporary directories used by mlflow to 750 using: `chmod 750 <tmp_dir>`. Also, ensure that the temporary directories are cleaned up after use to prevent lingering insecure directories. [1]

Compliance Impact

The provided resources do not explicitly discuss the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA. However, since the vulnerability allows arbitrary code execution due to insecure permissions on temporary directories, it could potentially lead to unauthorized access or modification of sensitive data, which may affect compliance with data protection regulations. The fix reduces the risk by tightening permissions and cleaning up temporary directories, thereby improving security posture. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10279. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart