CVE-2025-11201: 
NixOS vulnerability analysis and mitigation

MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability (CVE-2025-11201) was discovered and disclosed on October 3, 2025. This vulnerability affects MLflow Tracking Server installations and allows remote attackers to execute arbitrary code without requiring authentication. The vulnerability stems from improper validation of user-supplied paths in model file operations (Zero Day Initiative, NVD).

The vulnerability exists within the handling of model file paths in MLflow Tracking Server. The specific flaw results from the lack of proper validation of a user-supplied path prior to using it in file operations. The vulnerability has received a CVSS v3.1 Base Score of 9.8 CRITICAL from NIST NVD, while Zero Day Initiative assessed it with a score of 8.1 HIGH (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) (NVD).

An attacker can leverage this vulnerability to execute code in the context of the service account. Given that no authentication is required, this vulnerability poses a significant risk to affected MLflow Tracking Server installations, potentially allowing unauthorized access and code execution (Zero Day Initiative).

MLflow has released an update to address this vulnerability. The fix introduces a new environment variable 'MLFLOWCREATEMODELVERSIONSOURCEVALIDATIONREGEX' to validate model version sources using regular expression patterns. Organizations should update to the patched version and implement source validation to restrict model versions to approved sources (MLflow Patch).