Creation of Temporary File in Directory with Insecure Permissions

CVE-2025-10279

High

7/10

Summary

In mlflow versions prior to 3.4.0rc0, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the `/tmp` directory to exploit a race condition and overwrite `.py` files in the virtual environment, leading to arbitrary code execution.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-379 - Creation of Temporary File in Directory with Insecure Permissions

The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.

References

Advisory
Disclosure
Issue
Pull request

Advisory Timeline

Published Feb 02, 2026

Creation of Temporary File in Directory with Insecure Permissions

CVE-2025-10279

Summary

CWE-379 - Creation of Temporary File in Directory with Insecure Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS