CVE-2025-27520: BentoML RCE via Insecure Deserialization
CVE-2025-27520 is verified against bentoml · pip affected versions: >=1.3.4, <1.4.3 fixed version: 1.4.3 vulnerability class: RCE This critical reproduction includes runnable sandbox proof, artifacts, and a plain-text agent view under REPRO-2026-00045.
pruva-verify REPRO-2026-00045 curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00045/artifacts/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version(v1.4.2) of BentoML. It allows any unauthenticated user to execute arbitrary code on the server.
# RCA Report - GHSA-33xw-247w-6hmc (CVE-2025-27520)
Summary:
- Root Cause: In BentoML <=1.4.2, application/vnd.bentoml+pickle requests were deserialized with pickle.loads when payload.metadata lacked "buffer-lengths" in serde.deserialize_value, allowing execution of attacker-controlled pickle opcodes from HTTP requests.
- Impact: Remote code execution by unauthenticated clients.
Evidence (vulnerable 1.4.2):
- Exploit sent with Content-Type: application/vnd.bentoml+pickle to /summarize.
- Server executed shell commands to append markers to logs/rce_proof.txt.
- Repro script logs show markers present:
- RCE_ATTEMPT_1_...
- RCE_ATTEMPT_2_...
- RCE_ATTEMPT_3_...
Patched verification (latest 1.4.30):
- application/vnd.bentoml+pickle is rejected with 415 ("not allowed in main server").
- Case/param variations return 400/415 and do not execute payloads.
- logs/rce_proof_patched.txt remains empty.
Files:
- Script: bundle/reproduction_steps.sh
- Logs: bundle/logs/*
- Patch analysis: repro/patch_analysis.md
The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.
Loading session...
Scripts, logs, diffs, and output captured during the reproduction.
No artifacts available