CVE-2025-32375: 
Python vulnerability analysis and mitigation

BentoML, a Python library for building online serving systems optimized for AI apps and model inference, was found to contain a critical vulnerability (CVE-2025-32375) in its runner server. The vulnerability was discovered and disclosed on April 9, 2025, affecting all versions prior to 1.4.8. The issue stems from an insecure deserialization vulnerability in the runner server component that could allow unauthorized arbitrary code execution (GitHub Advisory).

The vulnerability exists in BentoML's runner server where improper handling of deserialization operations occurs. By manipulating specific headers ('args-number', 'Content-Type', 'Payload-Container', 'Payload-Meta', 'Batch-Size') and parameters in a POST request, an attacker can trigger unsafe deserialization of pickle data. The issue is particularly severe as it occurs when the request header 'args-number' equals 1, triggering the deserializesingle_param function. The vulnerability has received a CVSS v3.1 base score of 9.8 (Critical), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating high impact on confidentiality, integrity, and availability (GitHub Advisory).

The vulnerability allows attackers to execute arbitrary code on the server without authentication, potentially leading to complete system compromise. Successful exploitation grants attackers initial access and enables information disclosure on the server. Attackers can execute arbitrary OS commands, gain remote shell access, and potentially inject backdoors for persistent access (GitHub Advisory).

The vulnerability has been fixed in BentoML version 1.4.8. Users are strongly advised to upgrade to this version or later to mitigate the risk. No alternative workarounds have been provided (GitHub Advisory).