automatic module_metadata_base.json update

jenkins-metasploit · jenkins-metasploit · commit b74860a17ee4 · 2025-04-22T19:40:20.000Z
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -61683,6 +61683,65 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_linux/http/bentoml_runner_server_rce_cve_2025_32375": {
+    "name": "BentoML's runner server RCE",
+    "fullname": "exploit/linux/http/bentoml_runner_server_rce_cve_2025_32375",
+    "aliases": [],
+    "rank": 600,
+    "disclosure_date": "2025-04-09",
+    "type": "exploit",
+    "author": [
+      "SeaWind",
+      "Takahiro Yokoyama"
+    ],
+    "description": "There was an insecure deserialization in BentoML's runner server prior to version 1.4.8.\n          By setting specific headers and parameters in the POST request, it is possible to execute unauthorized arbitrary code in the context of the user running the server,\n          which will grant initial access and information disclosure.",
+    "references": [
+      "CVE-2025-32375",
+      "URL-https://github.com/advisories/GHSA-7v4r-c989-xh26"
+    ],
+    "platform": "",
+    "arch": "",
+    "rport": 3000,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Python payload",
+      "Linux Command"
+    ],
+    "mod_time": "2025-04-22 21:57:05 +0000",
+    "path": "/modules/exploits/linux/http/bentoml_runner_server_rce_cve_2025_32375.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/bentoml_runner_server_rce_cve_2025_32375",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_linux/http/beyondtrust_pra_rs_unauth_rce": {
     "name": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution",
     "fullname": "exploit/linux/http/beyondtrust_pra_rs_unauth_rce",
