Platform: python
Component: bentoml
Fixed in: 1.4.1, 1.4.19
CVE-2025-54381 represents a critical Server-Side Request Forgery (SSRF) vulnerability discovered in BentoML, a model serving platform. This flaw allows unauthenticated attackers to initiate arbitrary HTTP requests from the server, potentially exposing internal resources or performing malicious actions. The vulnerability affects versions of BentoML up to and including 1.4.9, and a fix is available in version 1.4.19.
The SSRF vulnerability in BentoML arises from insecure handling of file uploads within the serialization/deserialization process for multipart form data and JSON requests. BentoML automatically downloads files from user-provided URLs without proper validation of internal network addresses. This allows an attacker to craft malicious requests that instruct the server to fetch data from internal services or external resources, effectively bypassing authentication and authorization controls. The potential impact includes unauthorized access to sensitive data, modification of internal configurations, and even the execution of arbitrary code on the server, depending on the targeted internal services. This vulnerability is particularly concerning given BentoML's role in deploying and serving machine learning models, which often handle sensitive data and critical business logic.
CVE-2025-54381 was publicly disclosed on 2025-07-29. The vulnerability's severity is considered CRITICAL (CVSS 9.9). Public proof-of-concept exploits are likely to emerge given the ease of exploitation inherent in SSRF vulnerabilities. The vulnerability impacts deployments where BentoML is used to serve machine learning models, particularly those with access to internal network resources. No KEV listing or confirmed exploitation campaigns are currently known.
EPSS: 0.50% (66% percentile)
The primary mitigation for CVE-2025-54381 is to upgrade BentoML to version 1.4.19 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds such as restricting network access to BentoML instances using firewalls or network segmentation. Additionally, implement strict input validation on all file upload parameters to prevent attackers from injecting malicious URLs. Web Application Firewalls (WAFs) configured to block suspicious outbound requests can also provide a layer of defense. Monitor BentoML logs for unusual outbound HTTP requests originating from unexpected sources.
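An added example (not BentoML's code or its 1.4.19 patch): one way to implement the input validation suggested above for URL-valued file parameters, by resolving the host and refusing any URL that maps to a non-public address. The names `check_fetch_url`, `system_resolver`, `sample_resolver` and the sample hostnames are assumptions chosen for this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def system_resolver(host, port):
    """Every address the OS resolver returns for host."""
    return [ai[4][0] for ai in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)]

def is_public_address(addr):
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its IPv4 address
    # is_global is False for loopback, RFC 1918, link-local, CGNAT and reserved ranges
    return ip.is_global and not ip.is_multicast

def check_fetch_url(url, resolver=system_resolver):
    """Return (allowed, reason) for a client-supplied URL the server would fetch."""
    try:
        parts = urlsplit(url)
        scheme, host = parts.scheme.lower(), parts.hostname
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError as exc:
        return False, f"malformed URL: {exc}"
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not host:
        return False, "missing host"
    try:
        addresses = resolver(host, port)
    except (OSError, UnicodeError) as exc:
        return False, f"cannot resolve {host}: {exc}"
    # Reject if ANY record is non-public: a name may mix public and internal answers.
    blocked = [a for a in addresses if not is_public_address(a)]
    if blocked or not addresses:
        return False, f"{host} resolves to non-public address(es): {blocked}"
    return True, "ok"

# Constructed sample data: hostnames and addresses are made up for the demo.
SAMPLE_DNS = {"files.example.com": ["93.184.216.34"],
              "mixed.example.net": ["93.184.216.34", "10.0.0.5"]}

def sample_resolver(host, port):
    return SAMPLE_DNS.get(host, [host])  # IP literals resolve to themselves

if __name__ == "__main__":
    for u in ("https://files.example.com/cat.png", "http://mixed.example.net/x",
              "http://127.0.0.1:8080/", "file:///etc/hostname"):
        print(u, "->", check_fetch_url(u, sample_resolver))
```

The fetch that follows should connect to the address that was validated and apply the same check to every redirect target, since a second DNS lookup or a redirect can otherwise land on an internal address.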
Update BentoML to version 1.4.19 or higher. This version contains a fix for the SSRF vulnerability. The update will prevent unauthenticated remote attackers from making arbitrary HTTP requests through your server.
CVE-2025-54381 is a CRITICAL SSRF vulnerability in the BentoML model serving platform, versions up to 1.4.9, allowing attackers to make unauthorized HTTP requests.
If you are using BentoML versions 1.4.9 or earlier, you are affected by this vulnerability. Assess your deployments immediately.
Upgrade BentoML to version 1.4.19 or later. Implement temporary workarounds like network restrictions and input validation if an immediate upgrade is not possible.
While no confirmed exploitation campaigns are currently known, the vulnerability's severity and ease of exploitation suggest active exploitation is possible.
Refer to the official BentoML security advisory for detailed information and updates: https://github.com/bentoml/bentoml/security/advisories/GHSA-xxxx-xxxx-xxxx