CVE-2024-8859
Published: 20 March 2025
Summary
CVE-2024-8859 is a high-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in MLflow (vendor: lfprojects). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks in the top 3.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog, but a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Machine Learning Libraries; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
MLflow version 2.15.1 is affected by a path traversal vulnerability in its dbfs service. A caller-supplied URL is concatenated directly into file-protocol handling, but only the URL's path component is validated; the query string and other URL components are not checked, so a crafted URL can name a location outside the intended directory. The result is an arbitrary file read when the dbfs service is configured and mounted on a local directory.
An unauthenticated remote attacker can supply such a URL to the mounted dbfs endpoint and retrieve any file the MLflow server process can read, with no credentials and no user interaction required.
The referenced commit 7791b8cdd595f21b5f179c7b17e4b5eb5cbbe654 addresses the flaw, and the issue was disclosed via the Huntr platform.
Because MLflow sits inside machine-learning pipelines, a deployment with the dbfs mount enabled exposes the tracking server's host filesystem to this read, hence the Supply Chain and Deployment classification. The EPSS score reached a peak of 0.2692.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6887
Vulnerability details
A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while parts such as query and parameters are not handled. The vulnerability is triggered if the user has configured the dbfs service, and during usage, the service is mounted to a local directory.
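To make the described failure concrete, the following added example (written for this page; it is not MLflow's own code and not the fix in the referenced commit) puts a hypothetical vulnerable resolver next to a hardened one. It assumes a service that strips a `dbfs:/` prefix from a caller-supplied URI and joins the remainder onto a local mount directory; the names `resolve_vulnerable`, `resolve_hardened` and `demo`, the mount layout and the sample URIs are all constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote, urlparse

PREFIX = "dbfs:/"   # assumed URI prefix the hypothetical service strips off


def _path_has_traversal(path: str) -> bool:
    """True if any segment of the percent-decoded path component is '..'."""
    return ".." in unquote(path).split("/")


def resolve_vulnerable(uri: str, mount_root: str) -> str:
    """Hypothetical vulnerable pattern (not MLflow's code): check only
    urlparse(uri).path, then concatenate the raw remainder of the URI.

    urlparse('dbfs:/models?/../../secret.txt') gives path='/models' and
    query='/../../secret.txt'. The check passes on '/models', but the string
    handed to the filesystem is '<mount>/models?/../../secret.txt', which
    os.path.normpath collapses to '<parent of mount>/secret.txt'.
    """
    parsed = urlparse(uri)
    if parsed.scheme != "dbfs":
        raise ValueError("not a dbfs URI")
    if _path_has_traversal(parsed.path):
        raise ValueError("path traversal rejected")
    raw_remainder = uri[len(PREFIX):].lstrip("/")   # query/params/fragment survive
    return os.path.normpath(os.path.join(mount_root, raw_remainder))


def resolve_hardened(uri: str, mount_root: str) -> str:
    """Hardened form: build the local path from the path component only,
    refuse every other URI component, and verify the real path stays inside
    the mount. This example accepts only path-only 'dbfs:/...' URIs."""
    parsed = urlparse(uri)
    if parsed.scheme != "dbfs" or parsed.netloc:
        raise ValueError("not a path-only dbfs URI")
    if parsed.query or parsed.params or parsed.fragment:
        raise ValueError("query, params and fragment are not allowed")
    rel = unquote(parsed.path).lstrip("/")
    if "\0" in rel or "\\" in rel:
        raise ValueError("illegal character in path")
    root = os.path.realpath(mount_root)
    candidate = os.path.realpath(os.path.join(root, rel))
    # realpath also follows symlinks, so a link inside the mount that points
    # outside it is rejected here too.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("resolved path escapes the mount")
    return candidate


def demo() -> dict:
    """Constructed fixture: a mount directory with a secret file beside it
    (outside the mount). Returns what each resolver does with a crafted URI."""
    tmp = tempfile.mkdtemp()
    mount = os.path.join(tmp, "mount")
    os.makedirs(os.path.join(mount, "models"))
    with open(os.path.join(tmp, "secret.txt"), "w") as fh:
        fh.write("outside the mount\n")

    attack = "dbfs:/models?/../../secret.txt"   # traversal hidden in the query
    results = {}

    vuln_path = resolve_vulnerable(attack, mount)   # passes the path-only check
    results["vulnerable_escapes"] = not vuln_path.startswith(mount + os.sep)
    with open(vuln_path) as fh:
        results["vulnerable_reads"] = fh.read().strip()

    try:
        resolve_hardened(attack, mount)
        results["hardened_rejects"] = False
    except ValueError:
        results["hardened_rejects"] = True

    benign = resolve_hardened("dbfs:/models/run1/model.pkl", mount)
    results["hardened_allows_benign"] = benign == os.path.realpath(
        os.path.join(mount, "models", "run1", "model.pkl"))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the vulnerable resolver accepting `dbfs:/models?/../../secret.txt` (its check only ever sees `/models`) and returning a path to the file outside the mount, while the hardened resolver rejects any URI carrying a query, params or fragment and then confirms the real path stays under the mount, which also covers percent-encoded `..` segments and symlinks.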
- CWE(s): CWE-29 (Path Traversal: '\..\filename')
AI Security Analysis
- AI Category: Machine Learning Libraries
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: mlflow
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The path traversal enables arbitrary file reads from the local filesystem through the mounted DBFS directory, which maps to collection of Data from Local System (T1005) and, as a by-product of probing paths, to file and directory discovery.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly prevents the path traversal by requiring validation of every URL component, including the query string and parameters, before a URL is concatenated into file-protocol handling in the MLflow DBFS service.
- SI-2 (Flaw Remediation): addresses the specific flaw in MLflow 2.15.1 DBFS through timely patching, as in the referenced fix commit.
- Access enforcement on the mounted local directory: limits what the MLflow server process is authorized to read, and therefore the scope of any arbitrary read the traversal enables.