CVE-2026-24123
BentoML · BentoML Multiple Products
Executive summary
A high-severity vulnerability has been discovered in multiple BentoML products, which are used for deploying and serving AI applications. This flaw, rated with a CVSS score of 7.4, could allow an unauthenticated remote attacker to gain unauthorized access to sensitive files on the server. Successful exploitation could lead to the theft of proprietary AI models, sensitive data, or credentials, posing a significant risk to data confidentiality and system integrity.
Vulnerability
The vulnerability is a path traversal flaw within the API endpoint responsible for serving static assets. An unauthenticated remote attacker can exploit this by crafting a malicious HTTP request with specially formatted path sequences (e.g., ../../). This manipulation bypasses standard access controls, allowing the attacker to read arbitrary files from the filesystem of the hosting server with the permissions of the BentoML service account.
Business impact
This vulnerability is rated as High severity with a CVSS score of 7.4. Exploitation could have a significant business impact, including the compromise of confidential data such as proprietary machine learning models, training datasets, application source code, and configuration files containing sensitive credentials. This could lead to intellectual property theft, regulatory fines, reputational damage, and provide an attacker with a foothold to move laterally within the network. Disruption of the AI service is also possible if critical system files are accessed or manipulated.
Remediation
Immediate Action: The primary remediation is to apply the security updates provided by the vendor across all affected systems immediately. Before and after patching, closely monitor system and application logs for any signs of exploitation attempts, such as unusual API requests containing directory traversal patterns. Review historical access logs to identify any potential compromise prior to the patch application.
Proactive Monitoring: Implement enhanced monitoring for BentoML application servers. Specifically, configure logging and alerting for HTTP requests to API endpoints that contain suspicious patterns like ../, ..%2f, or other path traversal encodings. Monitor for unexpected outbound network connections or file access activity from the BentoML service process, which could indicate a successful breach.
Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules specifically designed to detect and block path traversal attacks. Additionally, ensure the BentoML service runs with the lowest possible user privileges (least privilege principle) to limit the scope of file access an attacker could achieve. Harden the server by restricting file system permissions for the service account to only the directories it absolutely needs to function.
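One way to run the log review described under Proactive Monitoring, as an added example that is not BentoML or vendor code: it decodes each request path repeatedly before looking for a ".." segment, so plain ../, ..%2f, double-encoded and backslash variants are all caught. It assumes combined-format access logs from a reverse proxy that records the raw request target; the /static/ route, file names and log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line and status in a combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A ".." path segment bounded by "/" or "\" (or the start/end of the path).
DOTDOT_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double or triple encoding


def fully_decode(text):
    """Percent-decode repeatedly so ..%2f and %252e%252e%252f both become ../"""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def has_traversal(target):
    """True if the path part of a request target holds a '..' segment once decoded."""
    path = target.split("?", 1)[0]
    return bool(DOTDOT_RE.search(fully_decode(path)))


def scan(lines):
    """Return (client_ip, raw_target, status) for every traversal-looking request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and has_traversal(m.group("target")):
            hits.append((line.split(" ", 1)[0], m.group("target"), int(m.group("status"))))
    return hits


# Constructed sample entries: documentation IPs, hypothetical /static/ route and file names.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2026:10:00:00 +0000] "GET /static/app.js HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2026:10:00:01 +0000] "GET /static/v1..2/a..b.js HTTP/1.1" 200 90',
    '203.0.113.9 - - [01/Jan/2026:10:00:02 +0000] "GET /static/../../conf.yaml HTTP/1.1" 404 0',
    '203.0.113.9 - - [01/Jan/2026:10:00:03 +0000] "GET /static/..%2f..%2fconf.yaml HTTP/1.1" 200 733',
    '203.0.113.9 - - [01/Jan/2026:10:00:04 +0000] "GET /static/%252e%252e%252fconf.yaml HTTP/1.1" 400 0',
    '203.0.113.9 - - [01/Jan/2026:10:00:05 +0000] "GET /static/..%5c..%5cconf.yaml HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, target, status in scan(SAMPLE_LOG):
        # A 2xx status on a traversal request deserves the first look.
        print(f"{'REVIEW-FIRST' if 200 <= status < 300 else 'attempt'} {ip} {status} {target}")
```

Requests flagged with a 2xx status are the ones to correlate first with file access activity from the service process, since they indicate the server returned content for a traversal path.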
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high severity (CVSS 7.4) of this vulnerability and its potential to expose sensitive intellectual property and system data, we strongly recommend that organizations prioritize the immediate deployment of vendor-supplied patches. Although this CVE is not currently listed in the CISA KEV catalog, the risk of exploitation is significant. Organizations should treat this as an urgent security issue and apply updates, followed by diligent monitoring to ensure systems remain secure.