{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T20:34:37.132","vulnerabilities":[{"cve":{"id":"CVE-2025-27520","sourceIdentifier":"security-advisories@github.com","published":"2025-04-04T15:15:47.927","lastModified":"2025-06-27T12:48:46.350","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. It exists an unsafe code segment in serde.py. This vulnerability is fixed in 1.4.3."},{"lang":"es","value":"BentoML es una librería de Python para crear sistemas de servidores en línea optimizados para aplicaciones de IA e inferencia de modelos. Se ha identificado una vulnerabilidad de Ejecución Remota de Código (RCE) causada por una deserialización insegura en la última versión (v1.4.2) de BentoML. Esta vulnerabilidad permite a cualquier usuario no autenticado ejecutar código arbitrario en el servidor. Existe un segmento de código inseguro en serde.py. Esta vulnerabilidad se corrigió en la versión 1.4.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bentoml:bentoml:*:*:*:*:*:*:*:*","versionStartIncluding":"1.3.4","versionEndIncluding":"1.4.2","matchCriteriaId":"F824F6EC-4EA6-4C23-B174-2D8E5587E9E1"}]}]}],"references":[{"url":"https:\/\/github.com\/bentoml\/BentoML\/commit\/b35f4f4fcc53a8c3fe8ed9c18a013fe0a728e194","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https:\/\/github.com\/bentoml\/BentoML\/security\/advisories\/GHSA-33xw-247w-6hmc","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https:\/\/github.com\/bentoml\/BentoML\/security\/advisories\/GHSA-33xw-247w-6hmc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}}]}