Lucene search
K

9 matches found

Packet Storm
Packet Storm
added 2025/04/16 12:0 a.m.646 views

📄 BentoML 1.4.2 Remote Code Execution

A remote code execution vulnerability caused by insecure deserialization has been identified in version 1.4.2 of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS10AI score0.3592EPSS
Exploits5
HackRead
HackRead
added 2025/04/11 5:14 p.m.73 views

BentoML Vulnerability Allows Remote Code Execution on AI Servers

TL;DR: A critical deserialization vulnerability CVSS 9.8 - CVE-2025-27520 in BentoML v1.3.8–1.4.2 lets attackers execute remote code without…...

9.8CVSS8.3AI score0.3592EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2025/04/06 3:30 p.m.16 views

CVE-2025-27520

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution RCE vulnerability caused by insecure deserialization has been identified in the latest version v1.4.2 of BentoML. It allows any unauthenticated user to execute...

9.8CVSS8.4AI score0.3592EPSS
Exploits5References1
vulnersOsv
vulnersOsv
added 2025/04/04 4:5 p.m.6 views

ai-dynamo (=0.1.0), openllm (=0.6.19) potentially affected by CVE-2025-27520 via bentoml (>=1.4.0a2 <=1.4.1)

bentoml PYPI version =1.4.0a2, =1.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on bentoml and may be impacted: - ai-dynamo =0.1.0 - openllm =0.6.19 Source cves: CVE-2025-27520 Source advisory: OSV:GHSA-33XW-247W-6HMC...

9.8CVSS7.4AI score0.3592EPSS
Exploits5
NVD
NVD
added 2025/04/04 3:15 p.m.34 views

CVE-2025-27520

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution RCE vulnerability caused by insecure deserialization has been identified in the latest version v1.4.2 of BentoML. It allows any unauthenticated user to execute...

9.8CVSS0.3592EPSS
Exploits5References2
Vulnrichment
Vulnrichment
added 2025/04/04 2:28 p.m.20 views

CVE-2025-27520 BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution RCE vulnerability caused by insecure deserialization has been identified in the latest version v1.4.2 of BentoML. It allows any unauthenticated user to execute...

9.8CVSS8.7AI score0.3592EPSS
Exploits5References2
Cvelist
Cvelist
added 2025/04/04 2:28 p.m.38 views

CVE-2025-27520 BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution RCE vulnerability caused by insecure deserialization has been identified in the latest version v1.4.2 of BentoML. It allows any unauthenticated user to execute...

9.8CVSS0.3592EPSS
Exploits5References2
CVE
CVE
added 2025/04/04 2:28 p.m.141 views

CVE-2025-27520

BentoML 1.4.2 contains an insecure deserialization flaw in serde.py that enables unauthenticated RCE via crafted payloads. The issue, described across CVE-2025-27520 sources, is fixed in 1.4.3. Public PoCs and exploit modules exist (GitHub, Metasploit) illustrating remote command execution attemp...

9.8CVSS10AI score0.3592EPSS
Exploits5References2Affected Software1
Circl
Circl
added 2025/04/04 12:59 a.m.23 views

CVE-2025-27520

creationtimestamp| type| source ---|---|--- 2025-04-04 00:59:47+00:00| published-proof-of-concept| https://github.com/bentoml/BentoML/security/advisories/GHSA-33xw-247w-6hmc 2025-04-04 15:15:09+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114280346981280788 2025-04-04 15:15:09+00:00|...

9.8CVSS8.7AI score0.3592EPSS
Exploits5References20
Rows per page
Query Builder