{"api_version":"1","generated_at":"2026-07-03T07:05:01+00:00","cve":"CVE-2025-11157","urls":{"html":"https://cve.report/CVE-2025-11157","api":"https://cve.report/api/cve/CVE-2025-11157.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-11157","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-11157"},"summary":{"title":"Arbitrary Code Execution in feast-dev/feast","description":"A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. The vulnerability arises from the use of `yaml.load(..., Loader=yaml.Loader)` to deserialize `/var/feast/feature_store.yaml` and `/var/feast/materialization_config.yaml`. This method allows for the instantiation of arbitrary Python objects, enabling an attacker with the ability to modify these YAML files to execute OS commands on the worker pod. This vulnerability can be exploited before the configuration is validated, potentially leading to cluster takeover, data poisoning, and supply-chain sabotage.","state":"PUBLISHED","assigner":"@huntr_ai","published_at":"2026-01-01 07:16:00","updated_at":"2026-06-30 03:16:41"},"problem_types":["CWE-502","CWE-502 CWE-502 Deserialization of Untrusted Data","CWE-502 Deserialization of Untrusted Data"],"metrics":[{"version":"3.1","source":"ADP","type":"CVSS","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.0","source":"security@huntr.dev","type":"Secondary","score":"7.8","severity":"HIGH","vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.0","source":"CNA","type":"DECLARED","score":"7.8","severity":"HIGH","vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.0"}}],"references":[{"url":"https://github.com/feast-dev/feast/commit/b2e37ff37953b68ae833f6874ab5bc510a4ca5fb","name":"https://github.com/feast-dev/feast/commit/b2e37ff37953b68ae833f6874ab5bc510a4ca5fb","refsource":"security@huntr.dev","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:10184","name":"https://access.redhat.com/errata/RHSA-2026:10184","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://huntr.com/bounties/46d4d585-b968-4a76-80ce-872bc5525564","name":"https://huntr.com/bounties/46d4d585-b968-4a76-80ce-872bc5525564","refsource":"security@huntr.dev","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2025-11157","name":"https://access.redhat.com/security/cve/CVE-2025-11157","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2426574","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2426574","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11157.json","name":"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11157.json","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-11157","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11157","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"feast-dev","product":"feast-dev/feast","version":"affected unspecified 0.54.0 custom","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat OpenShift AI 2.25","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","version":"","platforms":[]}],"timeline":[{"source":"ADP","time":"2026-01-01T08:00:48.932Z","lang":"en","value":"Reported to Red Hat."},{"source":"ADP","time":"2026-01-01T07:03:57.277Z","lang":"en","value":"Made public."}],"solutions":[{"source":"ADP","title":"","value":"RHSA-2026:10184: Red Hat OpenShift AI 2.25","time":"","lang":"en"}],"workarounds":[{"source":"ADP","title":"","value":"Implement strict access controls and least privilege principles for the Feast Kubernetes materializer job. Ensure that only authorized users and processes have write access to the `/var/feast/feature_store.yaml` and `/var/feast/materialization_config.yaml` files on the worker pods. This can be achieved through Kubernetes Role-Based Access Control (RBAC) policies and appropriate OpenShift security context constraints to limit file system access.","time":"","lang":"en"}],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"11157","cve":"CVE-2025-11157","epss":"0.002640000","percentile":"0.178350000","score_date":"2026-07-01","updated_at":"2026-07-02 00:05:26"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-11157","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-01-05T19:58:18.282855Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-01-05T19:59:19.974Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"affected":[{"cpes":["cpe:/a:redhat:openshift_ai:2.25::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift AI 2.25","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"}],"datePublic":"2026-01-01T07:03:57.277Z","descriptions":[{"lang":"en","value":"A flaw was found in Feast, specifically in the Kubernetes materializer job. An attacker with the ability to modify specific YAML configuration files can exploit an insecure deserialization vulnerability. This allows for the instantiation of arbitrary Python objects, leading to remote code execution on the worker pod. Successful exploitation could result in cluster takeover, data poisoning, and supply-chain sabotage."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-502","description":"Deserialization of Untrusted Data","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-30T02:46:41.119Z","orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP"},"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2025-11157"},{"name":"RHBZ#2426574","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2426574"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11157.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10184"}],"solutions":[{"lang":"en","value":"RHSA-2026:10184: Red Hat OpenShift AI 2.25"}],"timeline":[{"lang":"en","time":"2026-01-01T08:00:48.932Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-01-01T07:03:57.277Z","value":"Made public."}],"title":"feast: Feast: Remote Code Execution via insecure YAML deserialization","workarounds":[{"lang":"en","value":"Implement strict access controls and least privilege principles for the Feast Kubernetes materializer job. Ensure that only authorized users and processes have write access to the `/var/feast/feature_store.yaml` and `/var/feast/materialization_config.yaml` files on the worker pods. This can be achieved through Kubernetes Role-Based Access Control (RBAC) policies and appropriate OpenShift security context constraints to limit file system access."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"}}],"cna":{"affected":[{"product":"feast-dev/feast","vendor":"feast-dev","versions":[{"lessThan":"0.54.0","status":"affected","version":"unspecified","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. The vulnerability arises from the use of `yaml.load(..., Loader=yaml.Loader)` to deserialize `/var/feast/feature_store.yaml` and `/var/feast/materialization_config.yaml`. This method allows for the instantiation of arbitrary Python objects, enabling an attacker with the ability to modify these YAML files to execute OS commands on the worker pod. This vulnerability can be exploited before the configuration is validated, potentially leading to cluster takeover, data poisoning, and supply-chain sabotage."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-502","description":"CWE-502 Deserialization of Untrusted Data","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-01-01T07:03:57.277Z","orgId":"c09c270a-b464-47c1-9133-acb35b22c19a","shortName":"@huntr_ai"},"references":[{"url":"https://huntr.com/bounties/46d4d585-b968-4a76-80ce-872bc5525564"},{"url":"https://github.com/feast-dev/feast/commit/b2e37ff37953b68ae833f6874ab5bc510a4ca5fb"}],"source":{"advisory":"46d4d585-b968-4a76-80ce-872bc5525564","discovery":"EXTERNAL"},"title":"Arbitrary Code Execution in feast-dev/feast"}},"cveMetadata":{"assignerOrgId":"c09c270a-b464-47c1-9133-acb35b22c19a","assignerShortName":"@huntr_ai","cveId":"CVE-2025-11157","datePublished":"2026-01-01T07:03:57.277Z","dateReserved":"2025-09-29T14:28:35.258Z","dateUpdated":"2026-06-30T02:46:41.119Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-01-01 07:16:00","lastModifiedDate":"2026-06-30 03:16:41","problem_types":["CWE-502","CWE-502 CWE-502 Deserialization of Untrusted Data","CWE-502 Deserialization of Untrusted Data"],"metrics":{"cvssMetricV31":[{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-01-05T19:58:18.282855Z","id":"CVE-2025-11157","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"11157","Ordinal":"1","Title":"Arbitrary Code Execution in feast-dev/feast","CVE":"CVE-2025-11157","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"11157","Ordinal":"1","NoteData":"A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. The vulnerability arises from the use of `yaml.load(..., Loader=yaml.Loader)` to deserialize `/var/feast/feature_store.yaml` and `/var/feast/materialization_config.yaml`. This method allows for the instantiation of arbitrary Python objects, enabling an attacker with the ability to modify these YAML files to execute OS commands on the worker pod. This vulnerability can be exploited before the configuration is validated, potentially leading to cluster takeover, data poisoning, and supply-chain sabotage.","Type":"Description","Title":"Arbitrary Code Execution in feast-dev/feast"}]}}}