1. Home
  2. CVE Database
  3. CVE-2025-32375
CRITICAL · 9.8

CVE-2025-32375

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting ...

Vulnerability Description

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized arbitrary code on the server, which will grant the attackers to have the initial access and information disclosure on the server. This vulnerability is fixed in 1.4.8.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
BentomlBentoml>= 1.0.0, < 1.4.8

Related Weaknesses (CWE)

CWE-502

References

FAQ

What is CVE-2025-32375?

CVE-2025-32375 is a vulnerability with a CVSS score of 9.8 (CRITICAL). BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting ...

How severe is CVE-2025-32375?

CVE-2025-32375 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-32375?

Check the references section above for vendor advisories and patch information. Affected products include: Bentoml Bentoml.