CVE-2025-32375
BentoML's runner server Vulnerable to Remote Code Execution (RCE) via Insecure Deserialization
Description
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized arbitrary code on the server, which will grant the attackers to have the initial access and information disclosure on the server. This vulnerability is fixed in 1.4.8.
How to fix CVE-2025-32375
To remediate CVE-2025-32375, upgrade the affected package to a fixed version below.
- —upgrade to 1.4.8 or later
- —upgrade to 1.4.8 or later
Is CVE-2025-32375 being exploited?
Likely — EPSS is 65.2%, placing CVE-2025-32375 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- >= 1.0.0a1, < 1.4.8
- >= 1.0.0, < 1.4.8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |