Insecure Deserialization in BentoML Runner Server
CVE-2025-32375

9.8CRITICAL

Key Information:

Vendor

Bentoml

Status
Bentoml
Vendor
CVE Published:
9 April 2025

Badges

πŸ“ˆ Score: 281πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 66%

What is CVE-2025-32375?

CVE-2025-32375 is a security vulnerability present in BentoML, a Python library designed for building online serving systems optimized for artificial intelligence applications and model inference. The issue lies within the BentoML runner server, where insecure deserialization can occur. This vulnerability allows attackers, through the manipulation of specific headers and parameters in POST requests, to execute arbitrary code on the server without authorization. Such exploitation could lead to unauthorized access and possible data breaches, posing a significant threat to organizations utilizing this library for their AI models.

Technical Details

CVE-2025-32375 is a flaw that exists in versions prior to 1.4.8 of BentoML. The vulnerability is centered around its runner server and stems from the process of insecure deserialization, which does not properly validate the input received in POST requests. This can enable an attacker to send crafted requests that execute unauthorized code on the server, thus compromising the integrity and confidentiality of the data and operations hosted on it. The vulnerability was addressed in the updated version 1.4.8 of BentoML, which implements necessary security measures to mitigate the risk.

Potential Impact of CVE-2025-32375

  1. Unauthorized Code Execution: Attackers exploiting this vulnerability can run arbitrary code on the server, allowing them to take control of the environment, deploy malicious software, or manipulate data.

  2. Data Breach and Information Disclosure: The unauthorized access enabled by this vulnerability can result in sensitive information being compromised, leading to data leaks that may affect the privacy and security of the organization.

  3. Initial Access and System Compromise: By exploiting the flaw, attackers can gain initial access to the server, which could serve as a foothold for further attacks, including lateral movement within the network and escalation of privileges.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BentoML >= 1.0, < 1.4.8

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-32375
Created by theGEBIRGE

References

https://github.com/bentoml/BentoML/security/advisories/GH...
x_refsource_CONFIRM

EPSS Score

66% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.