Exploit for Deserialization of Untrusted Data in Bentoml CVE-2025-27520

Name: Exploit for Deserialization of Untrusted Data in Bentoml CVE-2025-27520
Rating: 5 (234 reviews)

2025-09-22 | CVSS 9.8

## https://sploitus.com/exploit?id=19A26B8C-CB30-5C06-8C14-4B71CBC4E6A5
# Day 09 — CVE-2025-27520 (BentoML-style insecure deserialization) — Local Docker lab

**This lab reproduces the insecure deserialization class that led to CVE-2025-27520.**  
It is intentionally vulnerable for educational purposes. Run locally in Docker only.

## Quickstart

Build and run:

```bash
docker build -t day09-bentoml-lab .
docker run --rm -d -p 8080:8080 --name day09 day09-bentoml-lab
```