{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-54381", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-07-21T16:12:20.733Z", "datePublished": "2025-07-29T22:11:24.407Z", "dateUpdated": "2025-07-30T15:07:10.836Z"}, "containers": {"cna": {"title": "BentoML is Vulnerable to an SSRF Attack Through File Upload Processing", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/bentoml/BentoML/security/advisories/GHSA-mrmq-3q62-6cc8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/bentoml/BentoML/security/advisories/GHSA-mrmq-3q62-6cc8"}, {"name": "https://github.com/bentoml/BentoML/commit/534c3584621da4ab954bdc3d814cc66b95ae5fb8", "tags": ["x_refsource_MISC"], "url": "https://github.com/bentoml/BentoML/commit/534c3584621da4ab954bdc3d814cc66b95ae5fb8"}], "affected": [{"vendor": "bentoml", "product": "BentoML", "versions": [{"version": ">= 1.4.0, < 1.4.19", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-29T22:11:24.407Z"}, "descriptions": [{"lang": "en", "value": "BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP requests. The vulnerability stems from the multipart form data and JSON request handlers, which automatically download files from user-provided URLs without validating whether those URLs point to internal network addresses, cloud metadata endpoints, or other restricted resources. The documentation explicitly promotes this URL-based file upload feature, making it an intended design that exposes all deployed services to SSRF attacks by default. Version 1.4.19 contains a patch for the issue."}], "source": {"advisory": "GHSA-mrmq-3q62-6cc8", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/bentoml/BentoML/security/advisories/GHSA-mrmq-3q62-6cc8", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-30T13:32:09.733713Z", "id": "CVE-2025-54381", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-30T15:07:10.836Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-54381", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-07-21T16:12:20.733Z", "datePublished": "2025-07-29T22:11:24.407Z", "dateUpdated": "2025-07-30T15:07:10.836Z"}, "containers": {"cna": {"title": "BentoML is Vulnerable to an SSRF Attack Through File Upload Processing", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/bentoml/BentoML/security/advisories/GHSA-mrmq-3q62-6cc8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/bentoml/BentoML/security/advisories/GHSA-mrmq-3q62-6cc8"}, {"name": "https://github.com/bentoml/BentoML/commit/534c3584621da4ab954bdc3d814cc66b95ae5fb8", "tags": ["x_refsource_MISC"], "url": "https://github.com/bentoml/BentoML/commit/534c3584621da4ab954bdc3d814cc66b95ae5fb8"}], "affected": [{"vendor": "bentoml", "product": "BentoML", "versions": [{"version": ">= 1.4.0, < 1.4.19", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-29T22:11:24.407Z"}, "descriptions": [{"lang": "en", "value": "BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP requests. The vulnerability stems from the multipart form data and JSON request handlers, which automatically download files from user-provided URLs without validating whether those URLs point to internal network addresses, cloud metadata endpoints, or other restricted resources. The documentation explicitly promotes this URL-based file upload feature, making it an intended design that exposes all deployed services to SSRF attacks by default. Version 1.4.19 contains a patch for the issue."}], "source": {"advisory": "GHSA-mrmq-3q62-6cc8", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-54381", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-30T13:32:09.733713Z"}}}], "references": [{"url": "https://github.com/bentoml/BentoML/security/advisories/GHSA-mrmq-3q62-6cc8", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-30T13:32:11.256Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bentoml:bentoml:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDC38760-A29D-4F73-A6EE-1AEF5BE60C37", "versionEndExcluding": "1.4.19", "versionStartIncluding": "1.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP requests. The vulnerability stems from the multipart form data and JSON request handlers, which automatically download files from user-provided URLs without validating whether those URLs point to internal network addresses, cloud metadata endpoints, or other restricted resources. The documentation explicitly promotes this URL-based file upload feature, making it an intended design that exposes all deployed services to SSRF attacks by default. Version 1.4.19 contains a patch for the issue."}, {"lang": "es", "value": "BentoML es una librer\u00eda de Python para crear sistemas de servicios en l\u00ednea optimizados para aplicaciones de IA e inferencia de modelos. En las versiones 1.4.0 a 1.4.19, el sistema de procesamiento de carga de archivos contiene una vulnerabilidad SSRF que permite a atacantes remotos no autenticados forzar al servidor a realizar solicitudes HTTP arbitrarias. La vulnerabilidad se origina en los manejadores de datos de formularios multiparte y solicitudes JSON, que descargan archivos autom\u00e1ticamente desde URL proporcionadas por el usuario sin validar si estas URL apuntan a direcciones de red internas, endpoints de metadatos en la nube u otros recursos restringidos. La documentaci\u00f3n promueve expl\u00edcitamente esta funci\u00f3n de carga de archivos basada en URL, lo que la convierte en un dise\u00f1o que expone todos los servicios implementados a ataques SSRF por defecto. La versi\u00f3n 1.4.19 incluye un parche para este problema."}], "id": "CVE-2025-54381", "lastModified": "2025-08-05T15:41:26.900", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.3, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-07-29T23:15:32.947", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/bentoml/BentoML/commit/534c3584621da4ab954bdc3d814cc66b95ae5fb8"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory", "Mitigation"], "url": "https://github.com/bentoml/BentoML/security/advisories/GHSA-mrmq-3q62-6cc8"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory", "Mitigation"], "url": "https://github.com/bentoml/BentoML/security/advisories/GHSA-mrmq-3q62-6cc8"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"created": "2025-07-30T06:15:17.685888+00:00", "updated": "2025-07-30T06:15:17.685941+00:00", "vendors": ["bentoml", "bentoml$PRODUCT$bentoml"]}