How to fix CVE-2025-27520?

Within 24 hours: Identify all affected systems running the latest and apply vendor patches immediately. Restrict deserialization to trusted data sources and implement integrity checks.

Is Python affected by CVE-2025-27520?

Organizations using the latest face critical risk from CVE-2025-27520, a insecure deserialization vulnerability rated CVSS 9.8. Insecure deserialization could allow attackers to execute arbitrary code by providing crafted serialized data.

CVE-2025-27520

CRITICAL

2025-04-04 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:35 vuln.today

Patch Released

Mar 28, 2026 - 18:35 nvd

Patch available

PoC Detected

Jun 27, 2025 - 12:48 vuln.today

Public exploit code

CVE Published

Apr 04, 2025 - 15:15 nvd

CRITICAL 9.8

Description

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. It exists an unsafe code segment in serde.py. This vulnerability is fixed in 1.4.3.

Analysis

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deserialization. The serving endpoint accepts pickled Python objects that are deserialized without validation, allowing attackers to execute arbitrary code on any BentoML inference server.

Technical Context

BentoML's HTTP serving endpoint accepts serialized Python objects for model inference. The framework uses Python's pickle module to deserialize incoming request data without implementing any security controls or class allowlisting. An attacker can craft a malicious pickled object containing a __reduce__ method that executes arbitrary Python code during deserialization.

Affected Products

['BentoML <= 1.4.2']

Remediation

Update to BentoML 1.4.3 or later. Never expose BentoML serving endpoints directly to the internet without authentication. Implement network-level access controls. Consider using safer serialization formats (JSON, Protocol Buffers) instead of pickle for inference requests.

Priority Score

156

Low Medium High Critical

KEV: 0

EPSS: +87.3

CVSS: +49

POC: +20

CVE-2025-27520 vulnerability details – vuln.today

Back

CVE-2025-27520

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-27520

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code