CVE-2025-32375

CRITICAL

BentoML < 1.4.8 - Remote Code Execution via Insecure Deserialization

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-32375. PoCs published by theGEBIRGE, SeaWind, Takahiro Yokoyama, including Metasploit module exploits/linux/http/bentoml_runner_server_rce_cve_2025_32375.

AI-analyzed exploit summary This PoC exploits a deserialization vulnerability in BentoML to achieve remote code execution (RCE) via a malicious pickle payload. The exploit sends a crafted HTTP request with a pickled object that triggers arbitrary command execution.

Description

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized arbitrary code on the server, which will grant the attackers to have the initial access and information disclosure on the server. This vulnerability is fixed in 1.4.8.

Exploits (2)

nomisec WORKING POC 3 stars

by theGEBIRGE · poc

https://github.com/theGEBIRGE/CVE-2025-32375

View Code ZIP pw:eip

This PoC exploits a deserialization vulnerability in BentoML to achieve remote code execution (RCE) via a malicious pickle payload. The exploit sends a crafted HTTP request with a pickled object that triggers arbitrary command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: BentoML (version not specified)

No auth needed

Prerequisites: Network access to the target service · BentoML service running with vulnerable configuration

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1558 - Steal or Forge Kerberos Tickets

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by SeaWind, Takahiro Yokoyama · rubypocpython

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/bentoml_runner_server_rce_cve_2025_32375.rb

View Code ZIP pw:eip

This Metasploit module exploits an insecure deserialization vulnerability in BentoML's runner server prior to version 1.4.8. It allows remote code execution by sending a crafted POST request with specific headers and a serialized payload.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: BentoML runner server < 1.4.8

No auth needed

Prerequisites: Network access to the target server · Target server running a vulnerable version of BentoML

MITRE ATT&CK

T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Vendor Advisory x_refsource_confirm

https://github.com/bentoml/BentoML/security/advisories/GHSA-7v4r-c989-xh26

Scores

CVSS v3 9.8

EPSS 0.6524

EPSS Percentile 98.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-502

Status published

Products (2)

bentoml/bentoml 1.0.0 - 1.4.8

pypi/bentoml 1.0.0a1 - 1.4.8PyPI

Published Apr 09, 2025

Tracked Since Feb 18, 2026