{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T01:59:03.247","vulnerabilities":[{"cve":{"id":"CVE-2025-10279","sourceIdentifier":"security@huntr.dev","published":"2026-02-02T11:16:16.867","lastModified":"2026-04-14T14:57:42.480","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the `/tmp` directory to exploit a race condition and overwrite `.py` files in the virtual environment, leading to arbitrary code execution. The issue is resolved in version 3.4.0."},{"lang":"es","value":"En mlflow versión 2.20.3, el directorio temporal utilizado para crear entornos virtuales de Python tiene asignados permisos inseguros de escritura global (0o777). Esta vulnerabilidad permite a un atacante con acceso de escritura al directorio `/tmp` explotar una condición de carrera y sobrescribir archivos `.py` en el entorno virtual, lo que lleva a la ejecución de código arbitrario. El problema está resuelto en la versión 3.4.0."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"security@huntr.dev","type":"Primary","description":[{"lang":"en","value":"CWE-379"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lfprojects:mlflow:*:-:*:*:*:*:*:*","versionEndExcluding":"3.4.0","matchCriteriaId":"C9CBE1C9-51F0-4D7D-8005-1284C7C2CF01"}]}]}],"references":[{"url":"https://github.com/mlflow/mlflow/commit/1d7c8d4cf0a67d407499a8a4ffac387ea4f8194a","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/01d3b81e-13d1-43aa-b91a-443aec68bdc8","source":"security@huntr.dev","tags":["Third Party Advisory","Exploit"]}]}}]}