Summary: A critical vulnerability, CVE-2025-27520, has been disclosed in BentoML, the Python library for building model-serving systems. Insecure deserialization in BentoML's runner server lets a remote attacker execute arbitrary code on the serving host. The flaw affects versions 1.3.4 up to but not including 1.4.3 and can lead to complete system compromise and data theft. Users should upgrade to version 1.4.3 or later immediately.
Affected: BentoML (Python model-serving library), versions >= 1.3.4 and < 1.4.3; fixed in 1.4.3
Key points:
- An unauthenticated remote attacker who can reach the service can achieve remote code execution; no credentials are required.
- Affected versions: 1.3.4 up to but not including 1.4.3 (>= 1.3.4, < 1.4.3). Version 1.4.3 contains the fix.
- A public proof-of-concept exploit exists, so exposed instances should be treated as actively exploitable and patched without delay.
- Potential impact includes complete compromise of the serving host, theft of models and data, and installation of malware or persistence mechanisms.
- Check the installed version with `bentoml --version` or `pip show bentoml`. Until patched, restrict network access to BentoML services so that only trusted clients can reach them; an attacker who cannot reach the runner server cannot send it a payload.
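To make clear why insecure deserialization hands an attacker code execution, the following added example (not BentoML's code, and not the actual CVE-2025-27520 code path) shows the generic Python pattern: a service that calls pickle.loads on a request body, a constructed payload whose unpickling runs attacker-chosen code, and a restricted unpickler that refuses it. Python pickle is assumed as the wire format for illustration only; the class name Gadget and the environment variable name PICKLE_DEMO_PWNED are hypothetical names chosen for this demo.

```python
import io
import os
import pickle

# Hypothetical marker name used only by this demo to observe code execution.
MARKER_ENV = "PICKLE_DEMO_PWNED"


class Gadget:
    """Constructed attacker object. Unpickling it runs exec() on attacker code."""

    def __reduce__(self):
        # pickle reconstructs the object by calling exec(<code>) on load; a real
        # exploit would invoke os.system or subprocess here instead of a marker.
        code = f"__import__('os').environ['{MARKER_ENV}'] = '1'"
        return (exec, (code,))


def build_malicious_payload() -> bytes:
    """Bytes an attacker would place in the request body (constructed sample)."""
    return pickle.dumps(Gadget())


def build_benign_payload() -> bytes:
    """A legitimate payload made only of plain data types (constructed sample)."""
    return pickle.dumps({"inputs": [1.0, 2.0, 3.0], "batch": True})


def deserialize_unsafe(body: bytes):
    """The vulnerable pattern: trust the declared format and call pickle.loads."""
    return pickle.loads(body)


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allow-listed globals; everything else fails."""

    ALLOWED = {("builtins", "set"), ("builtins", "frozenset")}

    def find_class(self, module, name):
        # Every GLOBAL/STACK_GLOBAL opcode lands here; builtins.exec is refused.
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def deserialize_restricted(body: bytes):
    """Hardened loader: plain data loads, any reference to code is rejected."""
    return RestrictedUnpickler(io.BytesIO(body)).load()


def demo() -> dict:
    """Exercise both loaders on both payloads and report what each one did."""
    os.environ.pop(MARKER_ENV, None)
    results = {}
    results["benign_restricted"] = deserialize_restricted(build_benign_payload())
    try:
        deserialize_restricted(build_malicious_payload())
        results["malicious_blocked"] = False
    except pickle.UnpicklingError:
        results["malicious_blocked"] = True
    results["marker_after_restricted"] = os.environ.get(MARKER_ENV)
    deserialize_unsafe(build_malicious_payload())  # attacker code runs here
    results["marker_after_unsafe"] = os.environ.get(MARKER_ENV)
    return results


if __name__ == "__main__":
    print(demo())
```

Running demo() shows that the restricted loader returns the benign dict, rejects the gadget with UnpicklingError before any code runs, and that only the unrestricted pickle.loads call sets the marker. An allow-list unpickler is a mitigation of last resort for legacy clients; the robust fix is to stop accepting pickle from untrusted callers altogether and use a data-only format such as JSON.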