CVE-2024-8859
Published: 20 March 2025
Description
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
Security Summary
CVE-2024-8859 is a path traversal vulnerability (CWE-29) in mlflow/mlflow version 2.15.1. It affects the DBFS integration when a user configures it and mounts it to a local directory. The root cause is that the DBFS URL is concatenated directly into a file: URL, while the validation applied beforehand inspects only the path component of the URL and ignores the query string and other components. Those unchecked components reach the local filesystem layer, which enables arbitrary file reads.
Exploitation requires an attacker to supply a maliciously crafted URL to the DBFS integration while it is in use, so anyone who can pass URLs to an MLflow instance with the DBFS service configured is in a position to attempt it. Successful exploitation allows reading arbitrary files from the local directory to which the service is mounted.
The fix is the referenced patch commit at https://github.com/mlflow/mlflow/commit/7791b8cdd595f21b5f179c7b17e4b5eb5cbbe654, which corrects the URL handling; upgrading to a release that contains it is the mitigation. The vulnerability was reported through the Huntr bounty program at https://huntr.com/bounties/2259b88b-a0c6-4c7c-b434-6aacf6056dcb.
MLflow is an open-source platform for the machine learning lifecycle, so this vulnerability is relevant to AI/ML deployments that use the DBFS integration. No public information indicated real-world exploitation as of the CVE publication date, 20 March 2025.
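As an added illustration of the bug class described above, not MLflow's code and not the diff in the referenced commit: a resolver whose traversal check inspects only urlparse(uri).path and then concatenates the raw remainder of the URI onto a local mount root, beside a hardened form that refuses query and fragment components and proves containment with realpath. The scheme constant, the mount root /mnt/dbfs, the function names and the sample URIs are constructed for the example; the payloads show the pattern and are not claimed to be the exact strings used against MLflow.

```python
"""Added example: the URL-handling pattern CVE-2024-8859 is described as,
modelled with hypothetical names (not MLflow's code or its patch)."""
import os
from urllib.parse import urlparse, unquote

DBFS_SCHEME = "dbfs"  # constructed: stands in for the dbfs:/ URI scheme


def _raw_remainder(uri: str) -> str:
    """Everything after 'dbfs:' exactly as it appears in the string.
    Query and fragment survive because nothing here re-parses the URI."""
    return uri[len(DBFS_SCHEME) + 1:]


def resolve_vulnerable(mount_root: str, uri: str) -> str:
    """Vulnerable pattern: the traversal check looks only at urlparse().path,
    then the raw URI string is glued onto the mount root.  The downstream
    consumer is modelled as percent-decoding and normalising that string,
    which is where the unchecked components become real traversal."""
    parsed = urlparse(uri)
    if parsed.scheme != DBFS_SCHEME or parsed.netloc:
        raise ValueError("not a dbfs:/ URI")
    if ".." in parsed.path.split("/"):
        raise ValueError("traversal in path")  # only .path is inspected
    local = mount_root.rstrip("/") + _raw_remainder(uri)
    # Lexical normalisation (no filesystem access): "?/../.." carried in
    # the query string and "%2e%2e" carried in the path both collapse here.
    return os.path.normpath(unquote(local))


def resolve_fixed(mount_root: str, uri: str) -> str:
    """Hardened form: accept only the path component, refuse every other
    component, decode the path, and prove containment with realpath plus
    commonpath instead of a substring check on the unresolved string."""
    parsed = urlparse(uri)
    if parsed.scheme != DBFS_SCHEME or parsed.netloc:
        raise ValueError("not a dbfs:/ URI")
    if parsed.query or parsed.fragment or parsed.params:
        raise ValueError("query, fragment or params not allowed in a dbfs:/ path")
    root = os.path.realpath(mount_root)
    candidate = os.path.realpath(os.path.join(root, unquote(parsed.path).lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"{uri!r} resolves outside {root}")
    return candidate


def rejected(resolver, mount_root: str, uri: str) -> bool:
    """True when the given resolver refuses the URI with ValueError."""
    try:
        resolver(mount_root, uri)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: a benign artifact URI, a plain traversal the path
    # check does catch, a query-string payload and a percent-encoded payload.
    for uri in ("dbfs:/models/run1/model.pkl",
                "dbfs:/../etc/passwd",
                "dbfs:/artifacts/?/../../../../etc/passwd",
                "dbfs:/%2e%2e/%2e%2e/etc/passwd"):
        print(uri)
        for name, fn in (("vulnerable", resolve_vulnerable), ("fixed", resolve_fixed)):
            try:
                print(f"  {name:10} -> {fn('/mnt/dbfs', uri)}")
            except ValueError as exc:
                print(f"  {name:10} -> rejected ({exc})")
```

The check in resolve_vulnerable is not absent, it is scoped to the wrong thing: dbfs:/../etc/passwd is refused while the same traversal smuggled through the query string or percent-encoding passes, because the substring check never sees the string that is eventually handed to the filesystem. resolve_fixed closes both holes by rejecting any component other than the path and by comparing the resolved absolute path against the resolved mount root.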
Details
- CWE(s)
- CWE-29
Affected Products
- mlflow/mlflow 2.15.1
AI Security Analysis
- AI Category
- Other Platforms
- Risk Domain
- Privacy and Disclosure
- OWASP Top 10 for LLMs 2025
- None mapped
- MITRE ATLAS Techniques
- None mapped
- Classification Reason
- MLflow is an open-source platform for managing the ML lifecycle, including experimentation, reproducibility, and deployment of machine learning models, fitting the 'Other Platforms' category as it is not a deep learning framework, ML library, or other specific subcategory.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The path traversal allows arbitrary file reads from the local filesystem through the mounted DBFS directory, which maps to collection of data from the local system and to file and directory discovery.