{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15381", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2025-12-30T21:47:03.954Z", "datePublished": "2026-03-27T16:17:30.328Z", "dateUpdated": "2026-03-27T17:00:57.831Z"}, "containers": {"cna": {"title": "Unauthorized Access to Tracing and Assessment Endpoints in mlflow/mlflow", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2026-03-27T16:17:30.328Z"}, "descriptions": [{"lang": "en", "value": "In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with `NO_PERMISSIONS` on the experiment, to read trace information and create assessments for traces they should not have access to. This vulnerability impacts confidentiality by exposing trace metadata and integrity by allowing unauthorized creation of assessments. Deployments using `mlflow server --app-name=basic-auth` are affected."}], "affected": [{"vendor": "mlflow", "product": "mlflow/mlflow", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/149fb2f9-ef4b-4136-a25c-20563451904c"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200"}]}], "source": {"advisory": "149fb2f9-ef4b-4136-a25c-20563451904c", "discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T16:58:49.398468Z", "id": "CVE-2025-15381", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T17:00:57.831Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15381", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2025-12-30T21:47:03.954Z", "datePublished": "2026-03-27T16:17:30.328Z", "dateUpdated": "2026-03-27T17:00:57.831Z"}, "containers": {"cna": {"title": "Unauthorized Access to Tracing and Assessment Endpoints in mlflow/mlflow", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2026-03-27T16:17:30.328Z"}, "descriptions": [{"lang": "en", "value": "In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with `NO_PERMISSIONS` on the experiment, to read trace information and create assessments for traces they should not have access to. This vulnerability impacts confidentiality by exposing trace metadata and integrity by allowing unauthorized creation of assessments. Deployments using `mlflow server --app-name=basic-auth` are affected."}], "affected": [{"vendor": "mlflow", "product": "mlflow/mlflow", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/149fb2f9-ef4b-4136-a25c-20563451904c"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200"}]}], "source": {"advisory": "149fb2f9-ef4b-4136-a25c-20563451904c", "discovery": "EXTERNAL"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15381", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-27T16:58:49.398468Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T16:59:04.315Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with `NO_PERMISSIONS` on the experiment, to read trace information and create assessments for traces they should not have access to. This vulnerability impacts confidentiality by exposing trace metadata and integrity by allowing unauthorized creation of assessments. Deployments using `mlflow server --app-name=basic-auth` are affected."}], "id": "CVE-2025-15381", "lastModified": "2026-03-27T17:16:26.573", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2026-03-27T17:16:26.573", "references": [{"source": "security@huntr.dev", "url": "https://huntr.com/bounties/149fb2f9-ef4b-4136-a25c-20563451904c"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@huntr.dev", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-27T17:20:51.774012+00:00", "value": {"mitigation_remediation": ["Apply the latest mlflow security patch that enforces permission validators on trace and assessment endpoints.", "If a patch is not yet available, stop using the basic-auth mode or strengthen its access controls by restricting endpoint access to users with experiment permissions.", "Verify that users who are supposed to have NO_PERMISSIONS cannot read or modify trace data and assessments.", "Review audit logs for any unauthorized data access or assessment creation and take corrective action.", "Stay informed of vendor advisories and update mlflow as soon as an official fix is released."], "summary": {"action": "Patch Upgrade", "impact": "Unauthorized access to trace data and creation of assessments"}, "threat_synthesis": {"affected_systems": "mlflow:mlflow/mlflow deployments that run the server with the basic\u2011auth application (mlflow server --app-name=basic-auth). No specific version range is listed, so all affected releases with this configuration are impacted.", "description_and_impact": "In the newest release of mlflow, enabling the basic-auth app leaves the tracing and assessment endpoints without permission validation. As a result, any authenticated user, including those with no permissions on an experiment, can view trace metadata and generate assessments for traces they should not see. This exposes confidential information and allows integrity violations by creating unauthorized assessments.", "risk_and_exploitability": "The CVSS score of 8.1 marks this flaw as High severity. Because the attack requires only an authenticated account, the exploitation is relatively straightforward for any user who has logged in. EPSS data is unavailable, and the vulnerability is not yet catalogued by CISA. The risk is therefore high, driven by the serious confidentiality and integrity consequences and the low barrier to exploitation."}}}}, "created": "2026-03-27T20:28:07.094701+00:00", "updated": "2026-03-27T20:28:07.094796+00:00", "vendors": []}