9 matches found
📄 BentoML 1.4.2 Remote Code Execution
A remote code execution vulnerability caused by insecure deserialization has been identified in version 1.4.2 of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. This module requires Metasploit: https://metasploit.com/download Current source:...
BentoML Vulnerability Allows Remote Code Execution on AI Servers
TL;DR: A critical deserialization vulnerability CVSS 9.8 - CVE-2025-27520 in BentoML v1.3.8–1.4.2 lets attackers execute remote code without…...
CVE-2025-27520
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution RCE vulnerability caused by insecure deserialization has been identified in the latest version v1.4.2 of BentoML. It allows any unauthenticated user to execute...
ai-dynamo (=0.1.0), openllm (=0.6.19) potentially affected by CVE-2025-27520 via bentoml (>=1.4.0a2 <=1.4.1)
bentoml PYPI version =1.4.0a2, =1.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on bentoml and may be impacted: - ai-dynamo =0.1.0 - openllm =0.6.19 Source cves: CVE-2025-27520 Source advisory: OSV:GHSA-33XW-247W-6HMC...
CVE-2025-27520
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution RCE vulnerability caused by insecure deserialization has been identified in the latest version v1.4.2 of BentoML. It allows any unauthenticated user to execute...
CVE-2025-27520 BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution RCE vulnerability caused by insecure deserialization has been identified in the latest version v1.4.2 of BentoML. It allows any unauthenticated user to execute...
CVE-2025-27520 BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution RCE vulnerability caused by insecure deserialization has been identified in the latest version v1.4.2 of BentoML. It allows any unauthenticated user to execute...
CVE-2025-27520
BentoML 1.4.2 contains an insecure deserialization flaw in serde.py that enables unauthenticated RCE via crafted payloads. The issue, described across CVE-2025-27520 sources, is fixed in 1.4.3. Public PoCs and exploit modules exist (GitHub, Metasploit) illustrating remote command execution attemp...
CVE-2025-27520
creationtimestamp| type| source ---|---|--- 2025-04-04 00:59:47+00:00| published-proof-of-concept| https://github.com/bentoml/BentoML/security/advisories/GHSA-33xw-247w-6hmc 2025-04-04 15:15:09+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114280346981280788 2025-04-04 15:15:09+00:00|...