
4 matches found

NVD
added 2025/07/29 11:15 p.m. | 6 views

CVE-2025-54381

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP...

CVSS 9.9 | EPSS 0.11114
Exploits: 1 | References: 2

Tenable Nessus
added 2025/05/06 12:0 a.m. | 9 views

BentoML 1.x < 1.4.8 Arbitrary Code Execution

The version of the BentoML library installed on the remote host has an arbitrary code execution vulnerability. BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner serve...

CVSS 9.8 | AI score 9.4 | EPSS 0.43809
Exploits: 4 | References: 3

BDU FSTEC
added 2025/04/23 12:0 a.m. | 2 views

The vulnerability of the serde.py component in the BentoML library allows a hacker to execute arbitrary code on the server.

The vulnerability of the serde.py component in the BentoML library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code on the server...

CVSS 10 | AI score 8.6 | EPSS 0.43672
Exploits: 5 | References: 5 | Affected Software: 1

NVD
added 2025/04/09 4:15 p.m. | 20 views

CVE-2025-32375

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized...

CVSS 9.8 | EPSS 0.43809
Exploits: 4 | References: 1