- Last update: 08/04/2025
- Affected software: BentoML version 1.4.2
- Type: Remote Code Execution (RCE)
- CVE/CVSS: CVE-2025-27520, CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
GitHub - https://github.com/bentoml/BentoML/security/advisories/GHSA-33xw-247w-6hmc
Successful exploitation of CVE-2025-27520 could allow a remote attacker to execute arbitrary code on an affected server. An attacker exploiting this vulnerability could severely impact the confidentiality, integrity and availability of affected systems.
A proof-of-concept exploit (PoC) is publicly available; users are urged to update to BentoML 1.4.3, the latest version.
CVE-2025-27520 is a remote code execution (RCE) vulnerability rated as critical affecting BentoML, a Python library used for building online serving systems optimized for AI applications and model inference.
The RCE vulnerability exists because of an insecure deserialization flaw identified in BentoML v1.4.2. As a result, an unauthenticated attacker can send crafted serialized data through HTTP requests, which can lead to arbitrary code execution on the server. This can potentially lead to complete system compromise, data theft, denial of service (DoS) and installation of malware.
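Added example, not taken from the CCB advisory or from BentoML's own code: the advisory does not name the serialization format, so this assumes the bug class is Python pickle deserialization of HTTP request bodies, the usual form of this flaw in Python services. It places the vulnerable pattern (unrestricted `pickle.loads` on request data) beside a restricted unpickler that only resolves an allow-list of classes and rejects any other global before it can be reconstructed.

```python
import datetime
import io
import pickle

# Allow-list of (module, name) pairs the service is willing to reconstruct.
# Anything else, including any callable pickle would invoke during
# reconstruction, is rejected before the name is even resolved.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global outside SAFE_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to load global {module}.{name} from untrusted input"
        )


def safe_loads(data: bytes):
    """Hardened replacement for pickle.loads on request bodies."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def unsafe_loads(data: bytes):
    """The vulnerable pattern: pickle.loads straight from an HTTP body."""
    return pickle.loads(data)


def demo():
    # Constructed sample inputs. A dict of primitives needs no globals at all.
    benign = pickle.dumps({"features": [1.0, 2.5], "label": "cat"})
    # A body that forces the unpickler to resolve a global outside the
    # allow-list. datetime.date is harmless; it stands in for whatever class
    # an attacker would name, which the unrestricted loader would also honour.
    needs_global = pickle.dumps(datetime.date(2025, 4, 8))
    results = {"benign": safe_loads(benign)}
    try:
        safe_loads(needs_global)
        results["rejected"] = False
    except pickle.UnpicklingError:
        results["rejected"] = True
    results["unsafe_accepts"] = unsafe_loads(needs_global) == datetime.date(2025, 4, 8)
    return results
```

Even with an allow-list, the right fix for untrusted input is a data-only format such as JSON; the restricted unpickler is a containment measure for code paths that cannot yet drop pickle.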
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
Security online - https://securityonline.info/cve-2025-27520-critical-bentoml-flaw-allows-full-remote-code-execution-exploit-available/