Lucene search
+L

8 matches found

Packet Storm
Packet Storm
added 2025/04/23 12:0 a.m.503 views

📄 BentoML Runner Server Remote Code Execution

There was an insecure deserialization in BentoML's runner server prior to version 1.4.8. By setting specific headers and parameters in the POST request, it is possible to execute unauthorized arbitrary code in the context of the user running the server, which will grant initial access and...

9.8CVSS9.2AI score0.50446EPSS
Exploits5
vulnersOsv
vulnersOsv
added 2025/04/09 4:15 p.m.5 views

ai-dynamo (=0.1.0), bento-sgl-router (>=0.0.1 <=0.0.6) +22 more potentially affected by CVE-2025-32375 via bentoml (>=1.0.0a7 <=1.4.7)

bentoml PYPI version =1.0.0a7, =0.0.1, =0.2.3, =0.1.0, =0.0.1, =1.0.1, =0.1.0, =0.2.0, =0.3.12, =0.0.1, =1.0.3, =1.0.4 and more Source cves: CVE-2025-32375 Source advisory: OSV:PYSEC-2025-32...

9.8CVSS7.2AI score0.50446EPSS
Exploits5
Vulnrichment
Vulnrichment
added 2025/04/09 3:30 p.m.13 views

CVE-2025-32375 Insecure Deserialization leads to RCE in BentoML's runner server

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized...

9.8CVSS9.2AI score0.50446EPSS
Exploits5References1
Cvelist
Cvelist
added 2025/04/09 3:30 p.m.46 views

CVE-2025-32375 Insecure Deserialization leads to RCE in BentoML's runner server

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized...

9.8CVSS0.50446EPSS
Exploits5References1
OSV
OSV
added 2025/04/09 3:30 p.m.17 views

CVE-2025-32375 Insecure Deserialization leads to RCE in BentoML's runner server

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized...

9.8CVSS9AI score0.50446EPSS
Exploits5References3
CVE
CVE
added 2025/04/09 3:30 p.m.121 views

CVE-2025-32375

Summary: CVE-2025-32375 affects BentoML prior to version 1.4.8, due to an insecure deserialization in BentoML’s runner server. The vulnerability allows an attacker to craft POST requests with specific headers/parameters to execute arbitrary code on the server, giving initial access and informatio...

9.8CVSS9.2AI score0.50446EPSS
Exploits5References1Affected Software1
vulnersOsv
vulnersOsv
added 2025/04/09 12:59 p.m.6 views

ai-dynamo (=0.1.0), bento-sgl-router (>=0.0.1 <=0.0.6) +22 more potentially affected by CVE-2025-32375 via bentoml (>=1.0.0a7 <=1.4.7)

bentoml PYPI version =1.0.0a7, =0.0.1, =0.2.3, =0.1.0, =0.0.1, =1.0.1, =0.1.0, =0.2.0, =0.3.12, =0.0.1, =1.0.3, =1.0.4 and more Source cves: CVE-2025-32375 Source advisory: OSV:GHSA-7V4R-C989-XH26...

9.8CVSS7.2AI score0.50446EPSS
Exploits5
vulnersOsv
vulnersOsv
added 2025/04/09 12:59 p.m.6 views

ai-dynamo (=0.1.0), bento-sgl-router (>=0.0.1 <=0.0.6) +22 more potentially affected by CVE-2025-32375 via bentoml (>=1.0.0a7 <=1.4.7)

bentoml PYPI version =1.0.0a7, =0.0.1, =0.2.3, =0.1.0, =0.0.1, =1.0.1, =0.1.0, =0.2.0, =0.3.12, =0.0.1, =1.0.3, =1.0.4 and more Source cves: CVE-2025-32375 Source advisory: SNYK:PYTHON-BENTOML-9679274...

9.8CVSS7.2AI score0.50446EPSS
Exploits5
Rows per page
Query Builder