8 matches found
📄 BentoML Runner Server Remote Code Execution
There was an insecure deserialization in BentoML's runner server prior to version 1.4.8. By setting specific headers and parameters in the POST request, it is possible to execute unauthorized arbitrary code in the context of the user running the server, which will grant initial access and...
ai-dynamo (=0.1.0), bento-sgl-router (>=0.0.1 <=0.0.6) +22 more potentially affected by CVE-2025-32375 via bentoml (>=1.0.0a7 <=1.4.7)
bentoml PYPI version =1.0.0a7, =0.0.1, =0.2.3, =0.1.0, =0.0.1, =1.0.1, =0.1.0, =0.2.0, =0.3.12, =0.0.1, =1.0.3, =1.0.4 and more Source cves: CVE-2025-32375 Source advisory: OSV:PYSEC-2025-32...
CVE-2025-32375 Insecure Deserialization leads to RCE in BentoML's runner server
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized...
CVE-2025-32375 Insecure Deserialization leads to RCE in BentoML's runner server
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized...
CVE-2025-32375 Insecure Deserialization leads to RCE in BentoML's runner server
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized...
CVE-2025-32375
Summary: CVE-2025-32375 affects BentoML prior to version 1.4.8, due to an insecure deserialization in BentoML’s runner server. The vulnerability allows an attacker to craft POST requests with specific headers/parameters to execute arbitrary code on the server, giving initial access and informatio...
ai-dynamo (=0.1.0), bento-sgl-router (>=0.0.1 <=0.0.6) +22 more potentially affected by CVE-2025-32375 via bentoml (>=1.0.0a7 <=1.4.7)
bentoml PYPI version =1.0.0a7, =0.0.1, =0.2.3, =0.1.0, =0.0.1, =1.0.1, =0.1.0, =0.2.0, =0.3.12, =0.0.1, =1.0.3, =1.0.4 and more Source cves: CVE-2025-32375 Source advisory: OSV:GHSA-7V4R-C989-XH26...
ai-dynamo (=0.1.0), bento-sgl-router (>=0.0.1 <=0.0.6) +22 more potentially affected by CVE-2025-32375 via bentoml (>=1.0.0a7 <=1.4.7)
bentoml PYPI version =1.0.0a7, =0.0.1, =0.2.3, =0.1.0, =0.0.1, =1.0.1, =0.1.0, =0.2.0, =0.3.12, =0.0.1, =1.0.3, =1.0.4 and more Source cves: CVE-2025-32375 Source advisory: SNYK:PYTHON-BENTOML-9679274...