CVE-2025-32375

9.8 CRITICAL

📋 TL;DR

CVE-2025-32375 is an insecure deserialization vulnerability in BentoML's runner server that allows remote code execution. Attackers can execute arbitrary code by sending specially crafted POST requests with specific headers and parameters. This affects all BentoML deployments using versions prior to 1.4.8.

💻 Affected Systems

Products:
  • BentoML
Versions: All versions prior to 1.4.8
Operating Systems: All platforms running Python
Default Config Vulnerable: ⚠️ Yes
Notes: Affects BentoML runner servers exposed to network requests. Local-only deployments may have reduced risk.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise leading to data theft, lateral movement, and persistent backdoor installation.

🟠

Likely Case

Initial foothold for attackers leading to data exfiltration, credential harvesting, and deployment of additional malware.

🟢

If Mitigated

Limited impact if proper network segmentation and least privilege principles are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending POST requests with specific headers/parameters. No authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.8

Vendor Advisory: https://github.com/bentoml/BentoML/security/advisories/GHSA-7v4r-c989-xh26

Restart Required: Yes

Instructions:

1. Update BentoML using pip: pip install --upgrade "bentoml>=1.4.8" (quote the requirement so the shell does not treat >= as an output redirect)
2. Restart all BentoML services
3. Verify version with: python -c "import bentoml; print(bentoml.__version__)"

🔧 Temporary Workarounds

Network Access Control

linux

Restrict network access to BentoML runner servers using firewall rules

iptables -A INPUT -p tcp --dport [BENTOML_PORT] -s [TRUSTED_IPS] -j ACCEPT
iptables -A INPUT -p tcp --dport [BENTOML_PORT] -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate BentoML servers
  • Deploy a web application firewall (WAF) with deserialization attack detection rules

🔍 How to Verify

Check if Vulnerable:

Check BentoML version: python -c "import bentoml; print(bentoml.__version__)" - if version < 1.4.8, system is vulnerable.

Check Version:

python -c "import bentoml; print(bentoml.__version__)"

Verify Fix Applied:

Confirm the version is 1.4.8 or higher using the same command, and test that the runner server accepts only legitimate requests.
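
The "version < 1.4.8" check above is easy to get wrong by eye or with a string comparison (1.4.10 is patched; 1.4.8rc1 is not). The script below is an added example, not part of the vendor advisory. It compares numerically against the fixed release 1.4.8 from this page, and as an assumption it conservatively treats pre-release and dev builds of 1.4.8 as still vulnerable. The function names are illustrative.

```python
import re
from importlib import metadata

FIXED = (1, 4, 8)  # first patched release, per the advisory on this page

# Leading numeric release segment, then whatever suffix follows (rc1, .post1, +local, ...)
_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)(.*)$", re.I)
# Suffixes that sort BEFORE the final release of the same number (PEP 440 ordering)
_PRE_RE = re.compile(r"^[-_.]?(alpha|beta|preview|pre|rc|dev|a|b|c)", re.I)


def is_vulnerable(version: str) -> bool:
    """Return True if `version` sorts before the fixed release 1.4.8."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release, suffix = m.groups()
    nums = tuple(int(p) for p in release.split("."))
    # Pad both sides to the same length so "1.5" compares as 1.5.0
    width = max(len(nums), len(FIXED))
    nums += (0,) * (width - len(nums))
    fixed = FIXED + (0,) * (width - len(FIXED))
    if nums != fixed:
        return nums < fixed  # integer comparison: (1, 4, 10) > (1, 4, 8)
    # Same release number: rc/dev/alpha/beta builds precede the final 1.4.8
    return bool(_PRE_RE.match(suffix))


def installed_bentoml_status() -> str:
    """Report on the bentoml package in the current environment without importing it."""
    try:
        version = metadata.version("bentoml")
    except metadata.PackageNotFoundError:
        return "bentoml not installed in this environment"
    state = "VULNERABLE" if is_vulnerable(version) else "patched"
    return f"bentoml {version}: {state} (fix is 1.4.8)"


if __name__ == "__main__":
    print(installed_bentoml_status())
```

Run it with the same interpreter (virtualenv or container image) that launches the BentoML service, since each environment carries its own installed version.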

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to runner endpoints
  • Errors containing deserialization failure messages
  • Suspicious process execution from BentoML context

Network Indicators:

  • POST requests with unusual headers to BentoML runner ports
  • Outbound connections from BentoML servers to unexpected destinations

SIEM Query:

source="bentoml.logs" AND ("POST /runner" OR "deserialization" OR "pickle")
