CVE-2025-14287 · Lfprojects · Mlflow

Vulnerability data via NVD (ingested)

CVSS v3.1: 8.8 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the `mlflow/sagemaker/__init__.py` file at lines 161-167. The vulnerability arises because user-supplied container image names are interpolated directly into shell command strings without sanitization, and the resulting strings are executed with `os.system()`. This allows attackers to execute arbitrary commands by supplying malicious input through the `--container` parameter of the CLI. The issue affects environments where MLflow is used, including development setups, CI/CD pipelines, and cloud deployments.
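The pattern the advisory describes, as an added example that is not MLflow's code: the unsafe interpolation is shown only as how a POSIX shell would tokenise it, next to an allowlisted, no-shell replacement. The image-reference grammar, the function names and the sample image names are assumptions constructed for this example.

```python
# Added example, not MLflow's own code: models the flaw the advisory describes
# (a user-controlled image name interpolated into a string for os.system) and
# a hardened form that validates the reference and passes it to subprocess as
# a single argv element, with no shell in the path.
import re
import shlex
import subprocess
from typing import List

# Hypothetical, deliberately narrow image-reference grammar:
# [registry[:port]/]path[/path...][:tag][@sha256:digest]
IMAGE_REF_RE = re.compile(
    r"^(?:[a-z0-9.-]+(?::[0-9]+)?/)?"            # optional registry[:port]/
    r"[a-z0-9]+(?:[._-][a-z0-9]+)*"              # first path component
    r"(?:/[a-z0-9]+(?:[._-][a-z0-9]+)*)*"        # further path components
    r"(?::[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})?"   # optional :tag
    r"(?:@sha256:[a-f0-9]{64})?$"                # optional @digest
)


def shell_words(image: str) -> List[str]:
    """How a POSIX shell would tokenise `os.system("docker push " + image)`.

    Shell punctuation inside `image` becomes a separate word, i.e. new command
    structure. Nothing is executed; the token list is returned for inspection.
    """
    lexer = shlex.shlex(f"docker push {image}", posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def is_valid_image_ref(image: str) -> bool:
    """Allowlist check: True only for a well-formed image reference."""
    return bool(IMAGE_REF_RE.fullmatch(image))


def build_push_argv(image: str) -> List[str]:
    """Hardened form: validate, then build an argv list (no shell involved).

    The image name is one argv element, so metacharacters reach `docker`
    verbatim as data and cannot change what program runs.
    """
    if not is_valid_image_ref(image):
        raise ValueError(f"refusing image reference: {image!r}")
    return ["docker", "push", image]


def push_image(image: str) -> None:
    """Run the hardened command (needs Docker; not exercised in tests)."""
    subprocess.run(build_push_argv(image), check=True)
```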

Timeline
Published 2026-03-16
Modified 2026-06-30

External references

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Known PoCs on GitHub (8)

- 0xsyr0/OSCP (PowerShell): OSCP Cheat Sheet. ★ 3,774 · updated 1w ago
- ra1nb0rn/search_vulns (Python): A modular tool to search for known vulnerabilities, exploits and more across various data sources. ★ 92 · updated today
- Esther7171/TryHackMe-Walkthroughs (Python): 137+ TryHackMe walkthroughs covering web exploitation, privilege escalation, CVE analysis, container escapes, and AI/LLM security. Beginner to intermediate. ★ 70 · updated 4w ago
- Wiz-Works/LearnPeas (Shell): Educational Linux privilege escalation script for CTFs/OSCP. Explains WHAT/WHY/HOW for every vulnerability found. Highlights critical findings with red alerts. Extended mode defaul… ★ 63 · updated 8mo ago
- adnan-kutay-yuksel/tryhackme-all-rooms-database (language unknown): A comprehensive tool for categorizing TryHackMe rooms, including details such as difficulty, room type, subscription status, and much more, to enhance user experience in cybersecur… ★ 31 · updated 7mo ago
- Kiosec/Linux-Exploitation (C): Audit and pentest methodologies for Linux including internal enumeration, privesc, lateral movement, etc. ★ 15 · updated 3mo ago
- COOLXPLO/TryHackMe-Walkthroughs (HTML): A collection of detailed walkthroughs and notes for rooms completed on TryHackMe. This repository documents methodologies, tools, commands, and key learnings from various cybersecu… ★ 3 · updated 1mo ago
- Maikefee/linux-exploit-hunter (Shell): A powerful Linux vulnerability search tool based on the original [Linux -exploit- suggestion](https://github.com/mzet-/linux-exploit-suggester), focused on detecting the latest Linux kernel privilege escalation vulnerabilities from **2020-2024**. ★ 3 · updated 10mo ago