CVE-2025-27520 PoC — BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization

Source

https://github.com/amalpvatayam67/day09-bentoml-deser-lab

Associated Vulnerability

Title:BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization (CVE-2025-27520)
Description:BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. It exists an unsafe code segment in serde.py. This vulnerability is fixed in 1.4.3.

Description

ay 09 — CVE-2025-27520 (BentoML-style insecure deserialization) — Local Docker lab

Readme

# Day 09 — CVE-2025-27520 (BentoML-style insecure deserialization) — Local Docker lab

**This lab reproduces the insecure deserialization class that led to CVE-2025-27520.**  
It is intentionally vulnerable for educational purposes. Run locally in Docker only.

## Quickstart

Build and run:

```bash
docker build -t day09-bentoml-lab .
docker run --rm -d -p 8080:8080 --name day09 day09-bentoml-lab
```

File Snapshot


 [4.0K]  /data/pocs/98fb0c5d2dc997ee145c9e343ecd7633568eeab7
├── [7.2K]  app.py
├── [ 224]  DISCLAIMER.md
├── [ 641]  Dockerfile
├── [ 500]  entrypoint.sh
├── [ 915]  exploit.sh
├── [ 408]  README.md
└── [ 179]  requirements.txt

0 directories, 7 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!