CVE-2025-15379: Critical Severity Vulnerability Disclosed
Summary
A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency specifications from the model artifact's `python_env.yaml` f
Threat Analysis
**CVE ID:** CVE-2025-15379
**CVSS Score:** 10.0 (CRITICAL)
**Recommended Mitigations:**
- Review and apply vendor security updates
- Monitor for signs of exploitation
- Implement network segmentation and access controls
- Enable logging and monitoring for affected systems
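As an added example (not MLflow's code and not part of the original advisory), a pre-deployment audit of a model artifact's `python_env.yaml`: it assumes the injection vector is a dependency string that reaches a shell, and flags any `build_dependencies` or `dependencies` entry outside a strict requirement grammar. The function names and sample data are hypothetical and constructed; `audit_artifact` assumes PyYAML is installed.

```python
import re

# Conservative allowlist for one dependency entry: "name[extras]" plus optional
# comma-separated version specifiers, e.g. "scikit-learn[alldeps]>=1.3,<2".
# Environment markers (";") and spaces are legal PEP 508 but go to manual review here.
_REQUIREMENT = re.compile(
    r"[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?"      # distribution name
    r"(?:\[[A-Za-z0-9._,-]+\])?"                        # optional extras
    r"(?:(?:==|!=|<=|>=|~=|<|>)[A-Za-z0-9.*+-]+"        # first specifier
    r"(?:,(?:==|!=|<=|>=|~=|<|>)[A-Za-z0-9.*+-]+)*)?"   # further specifiers
)
# "-r requirements.txt" style reference to a file shipped inside the artifact.
_REQ_FILE = re.compile(r"-r [A-Za-z0-9._-]+(?:/[A-Za-z0-9._-]+)*")

# Constructed sample: what yaml.safe_load would return for a tampered artifact.
SAMPLE = {
    "python": "3.10.12",
    "build_dependencies": ["pip==23.3.1", "setuptools", "wheel==0.41.2"],
    "dependencies": ["-r requirements.txt", "numpy==1.26.4; echo CONSTRUCTED-MARKER"],
}


def audit_python_env(env):
    """Return (key, entry, reason) findings for a parsed python_env.yaml mapping."""
    findings = []
    for key in ("build_dependencies", "dependencies"):  # python_env.yaml list keys
        for entry in env.get(key) or []:
            if not isinstance(entry, str):
                findings.append((key, repr(entry), "not a string"))
            elif not (_REQUIREMENT.fullmatch(entry) or _REQ_FILE.fullmatch(entry)):
                findings.append((key, entry, "outside strict requirement grammar"))
    return findings


def audit_artifact(path):
    """Load <model>/python_env.yaml with PyYAML (assumed installed) and audit it."""
    import yaml  # third-party; imported lazily so the audit logic has no dependency
    with open(path, encoding="utf-8") as fh:
        return audit_python_env(yaml.safe_load(fh) or {})


if __name__ == "__main__":
    for key, entry, reason in audit_python_env(SAMPLE):
        print(f"REVIEW {key}: {entry!r} ({reason})")
```

A finding means the entry needs manual review before the artifact is served, not that it is proven malicious; the check complements the vendor update and does not replace it.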