News

Application security news, updated daily (if there is any news to share).

MLflow patches model artifact command injection in local deploys

CVE-2025-15379 is a critical command injection in `mlflow` when deploying a model with `env_manager=LOCAL`, enabling RCE via a malicious `python_env.yaml` artifact.

NewsPythonML Security

2 minToday

Loading news…

Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.