Published on: 2025-04-11

Intelligence Report: BentoML Vulnerability Allows Remote Code Execution on AI Servers – HackRead

1. BLUF (Bottom Line Up Front)

A critical vulnerability, CVE-2025-27520, has been identified in BentoML versions 1.3.8 to 1.4.2, allowing remote code execution without authentication. This poses significant risks to AI-powered online services. Immediate upgrade to version 1.4.3 is recommended to mitigate potential exploitation. A Web Application Firewall (WAF) may serve as a temporary measure but is not a comprehensive solution.

2. Detailed Analysis

The following structured analytic techniques have been applied for this analysis:

General Analysis

The vulnerability stems from insecure deserialization within the deserialize_value() function in BentoML’s serde.py file. This flaw allows attackers to execute arbitrary code by sending crafted serialized data. The issue is a recurrence of a previously fixed vulnerability, CVE-2024-2912, which reappeared in version 1.3.8. The exploitation method involves creating malicious pickles that execute harmful commands upon deserialization.

3. Implications and Strategic Risks

The vulnerability poses significant risks to sectors relying on AI services, including potential data breaches and unauthorized access to critical systems. National security could be compromised if sensitive data is exposed or manipulated. Economic interests are at risk due to potential service disruptions and reputational damage to affected organizations.

4. Recommendations and Outlook

Recommendations:

• Immediately upgrade BentoML to version 1.4.3 to eliminate the vulnerability.
• Implement a Web Application Firewall (WAF) as an interim measure to block malicious traffic.
• Conduct regular security audits and code reviews to identify and address similar vulnerabilities.
• Enhance organizational cybersecurity awareness and training to mitigate human error in software development.

Outlook:

Best-case scenario: Rapid adoption of the patch minimizes exploitation, and organizations strengthen their security posture.

Worst-case scenario: Delayed response leads to widespread exploitation, resulting in significant data breaches and operational disruptions.

Most likely scenario: Organizations gradually implement the patch, with some experiencing minor incidents due to delayed updates.

5. Key Individuals and Entities

The vulnerability was discovered by c2an1 and further analyzed by Bruno Dias and the Checkmarx Zero research team. The report highlights the recurring nature of the vulnerability and the need for immediate remediation.