Platform
python
Component
bentoml
Fixed in
1.4.1
1.4.19
CVE-2025-54381 represents a critical Server-Side Request Forgery (SSRF) vulnerability discovered in BentoML, a model serving platform. This flaw allows unauthenticated attackers to initiate arbitrary HTTP requests from the server, potentially exposing internal resources or performing malicious actions. The vulnerability affects versions of BentoML up to and including 1.4.9, and a fix is available in version 1.4.19.
The SSRF vulnerability in BentoML arises from insecure handling of file uploads within the serialization/deserialization process for multipart form data and JSON requests. BentoML automatically downloads files from user-provided URLs without proper validation of internal network addresses. This allows an attacker to craft malicious requests that instruct the server to fetch data from internal services or external resources, effectively bypassing authentication and authorization controls. The potential impact includes unauthorized access to sensitive data, modification of internal configurations, and even the execution of arbitrary code on the server, depending on the targeted internal services. This vulnerability is particularly concerning given BentoML's role in deploying and serving machine learning models, which often handle sensitive data and critical business logic.
CVE-2025-54381 was publicly disclosed on 2025-07-29. The vulnerability's severity is considered CRITICAL (CVSS 9.9). Public proof-of-concept exploits are likely to emerge given the ease of exploitation inherent in SSRF vulnerabilities. The vulnerability impacts deployments where BentoML is used to serve machine learning models, particularly those with access to internal network resources. No KEV listing or confirmed exploitation campaigns are currently known.
Organizations deploying machine learning models using BentoML, particularly those with internal network resources accessible to the model serving platform, are at risk. Legacy BentoML deployments and those lacking robust network segmentation are especially vulnerable.
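• python / server:
```python
import ipaddress
import urllib.parse


def is_internal_host(host):
    """True if host is an IP literal outside the public address space."""
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return False  # not an IP literal; hostnames are not resolved here


def check_bentoml_ssrf(url):
    """Flag a request URL whose own host, or a URL in its query string, is an internal IP."""
    try:
        parsed_url = urllib.parse.urlparse(url)
        if parsed_url.scheme in ('http', 'https') and parsed_url.netloc:
            # Check for internal IP addresses in the URL and in URL-valued parameters
            candidates = [parsed_url.hostname]
            for values in urllib.parse.parse_qs(parsed_url.query).values():
                candidates += [urllib.parse.urlparse(v).hostname for v in values]
            if any(is_internal_host(h) for h in candidates if h):
                return True
    except Exception as e:
        print(f"Error parsing URL: {e}")
    return False


# Example usage (replace with actual BentoML endpoint)
url = "http://localhost:8000/upload?url=http://169.254.169.254/latest/meta-data/"
if check_bentoml_ssrf(url):
    print("Potential SSRF request detected!")
else:
    print("No SSRF indicators found.")
```
• linux / server:
```bash
journalctl -u bentoml -f | grep -i "request: http"  # Monitor for outbound HTTP requests
```
disclosure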
patch
Exploit status
EPSS
0.50% (66th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-54381 is to upgrade BentoML to version 1.4.19 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds such as restricting network access to BentoML instances using firewalls or network segmentation. Additionally, implement strict input validation on all file upload parameters to prevent attackers from injecting malicious URLs. Web Application Firewalls (WAFs) configured to block suspicious outbound requests can also provide a layer of defense. Monitor BentoML logs for unusual outbound HTTP requests originating from unexpected sources.
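One way to implement the input-validation workaround described above, as an added example (not BentoML's code or its fix): a pre-filter that walks a decoded JSON request body and refuses any URL-like string that does not resolve exclusively to public addresses. The function names, the sample body, and the `FAKE_DNS` answers are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def resolve(host):  # default resolver: every address the OS returns for host
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_internal(addr):
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    ip = getattr(ip, "ipv4_mapped", None) or ip  # unwrap ::ffff:a.b.c.d
    return not ip.is_global  # loopback, RFC 1918, link-local, reserved ranges

def url_verdict(url, resolver=resolve):
    """Return None if the URL may be fetched, else the reason it is refused."""
    try:
        host = (parts := urlsplit(url)).hostname
    except ValueError:
        return "malformed URL"
    if parts.scheme not in ("http", "https") or not host:
        return "scheme or host not allowed"
    try:
        ipaddress.ip_address(host)
        addrs = {host}
    except ValueError:  # not an IP literal, so resolve the name
        try:
            addrs = resolver(host)
        except OSError:
            return "host does not resolve"
    bad = sorted(a for a in addrs if is_internal(a))
    return f"resolves to internal address {bad[0]}" if bad else None

def find_blocked_urls(body, resolver=resolve, path="$"):
    """Walk a decoded JSON body; yield (path, value, reason) per refused URL."""
    if isinstance(body, (dict, list)):
        items = body.items() if isinstance(body, dict) else enumerate(body)
        for key, value in items:
            yield from find_blocked_urls(value, resolver, f"{path}[{key!r}]")
    elif isinstance(body, str) and "://" in body:
        if reason := url_verdict(body.strip(), resolver):
            yield path, body, reason

# Constructed sample data: DNS answers and a decoded JSON request body.
FAKE_DNS = {"cdn.example.com": {"93.184.216.34"}, "files.example.net": {"10.0.0.5"}}
SAMPLE = {"image": "https://cdn.example.com/cat.png", "docs": [
    "http://files.example.net/a.pdf", "http://169.254.169.254/latest/meta-data/"]}

def fake_resolver(host):  # unknown names raise OSError, like a failed lookup
    if host in FAKE_DNS:
        return FAKE_DNS[host]
    raise OSError("no such host")
```

A check made before the fetch can still be bypassed if DNS answers change between validation and download or if the download follows redirects, so it narrows exposure but does not replace the upgrade to 1.4.19.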
Upgrade BentoML to version 1.4.19 or later. This version contains a fix for the SSRF vulnerability. The upgrade prevents unauthenticated remote attackers from making arbitrary HTTP requests through your server.
CVE-2025-54381 is a CRITICAL SSRF vulnerability in BentoML model serving platform versions up to 1.4.9, allowing attackers to make unauthorized HTTP requests.
If you are using BentoML versions 1.4.9 or earlier, you are affected by this vulnerability. Assess your deployments immediately.
Upgrade BentoML to version 1.4.19 or later. Implement temporary workarounds like network restrictions and input validation if immediate upgrade is not possible.
While no confirmed exploitation campaigns are currently known, the vulnerability's severity and ease of exploitation suggest active exploitation is possible.
Refer to the official BentoML security advisory for detailed information and updates: [https://github.com/bentoml/bentoml/security/advisories/GHSA-xxxx-xxxx-xxxx](Replace with actual advisory URL)