AML.T0018

Manipulate AI Model

Adversaries may directly manipulate an AI model to change its behavior or introduce malicious code. Manipulating a model gives the adversary a persistent change in the system. This can include poisoning the model by changing its weights, modifying the model architecture to change its behavior, and embedding malware which may be executed when the model is loaded.

17 CVEs mapped View on MITRE ATLAS →

Severity	CVE	Headline	Package	CVSS
CRITICAL	CVE-2023-1177	MLflow: path traversal allows arbitrary file read/write	mlflow	9.8
CRITICAL	CVE-2025-63389	ollama: Missing Auth allows unauthenticated access	ollama	9.8
CRITICAL	CVE-2026-2635	mlflow: security flaw enables exploitation	mlflow	9.8
CRITICAL	CVE-2023-6018	MLflow: unauth file overwrite enables model poisoning	mlflow	9.8
CRITICAL	CVE-2024-8019	pytorch-lightning: file upload RCE (Windows)	pytorch-lightning	9.1
HIGH	CVE-2022-23561	TensorFlow Lite: OOB write, arbitrary write primitive	tensorflow	8.8
HIGH	CVE-2021-29587	TensorFlow TFLite: divide-by-zero via crafted model file	tensorflow	7.8
HIGH	CVE-2021-41203	TensorFlow: malformed checkpoint triggers overflow/crash	tensorflow	7.8
HIGH	CVE-2023-6015	MLflow: unauthenticated arbitrary file write via PUT	mlflow	7.5
HIGH	CVE-2020-28975	scikit-learn: DoS via crafted SVM model deserialization	scikit-learn	7.5
HIGH	CVE-2021-29601	TensorFlow Lite: integer overflow in model concatenation	tensorflow	7.1
MEDIUM	CVE-2026-44562	open-webui: missing authz enables model hijacking	open-webui	6.5
MEDIUM	CVE-2022-23586	TensorFlow: SavedModel DoS crashes Python interpreter	tensorflow	6.5
MEDIUM	CVE-2022-23583	TensorFlow: SavedModel type confusion triggers DoS crash	tensorflow	6.5
MEDIUM	CVE-2022-23565	TensorFlow: DoS via malicious SavedModel AttrDef duplication	tensorflow	6.5
MEDIUM	CVE-2022-23594	TensorFlow MLIR: heap OOB via malicious SavedModel file	tensorflow	5.5
LOW	CVE-2025-2149	PyTorch: improper init in quantized sigmoid skews model output	pytorch	2.5