cvedb.io
CVE-2025-27520
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-04-04T15:15:47.927 · Last modified 2026-06-17T09:03:44.990

Summary

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. It exists an unsafe code segment in serde.py. This vulnerability is fixed in 1.4.3.

Affected products

bentoml — bentoml

Does this affect you?

Add your gear to cvedb and we'll alert you only when bentoml ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.