CVE-2025-11157
Remote Code Execution in Feast Kubernetes Materializer via Unsafe YAML Deserialization
Publication date: 2026-01-01
Last updated on: 2026-01-01
Assigner: huntr.dev
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| feast-dev | feast | 0.53.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a high-severity remote code execution flaw in feast-dev/feast version 0.53.0. It occurs because the software uses the unsafe yaml.load method to deserialize YAML configuration files, which allows an attacker who can modify these files to execute arbitrary OS commands on the worker pod. This happens before configuration validation, enabling potential cluster takeover, data poisoning, and supply-chain sabotage. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to execute arbitrary OS commands on the worker pod, potentially leading to full cluster takeover, data poisoning, and supply-chain sabotage. This can compromise the integrity, availability, and confidentiality of your systems and data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves checking if your system is running feast-dev/feast version 0.53.0 and if the vulnerable YAML files (/var/feast/feature_store.yaml and /var/feast/materialization_config.yaml) have been modified or contain suspicious content. You can inspect these files for unexpected or malicious YAML constructs that could lead to code execution. Commands to check the version and inspect files include: 1) Check Feast version: `feast --version` or inspect installed package version. 2) Verify file integrity or recent changes: `ls -l /var/feast/feature_store.yaml /var/feast/materialization_config.yaml` and `cat /var/feast/feature_store.yaml` and `cat /var/feast/materialization_config.yaml` to look for suspicious entries. 3) Review logs for unusual activity in the Kubernetes materializer job pods. Since the vulnerability arises from YAML deserialization, monitoring for unexpected process executions or network connections from worker pods may also help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to update feast-dev/feast to a version that includes the security fix replacing `yaml.load` with `yaml.safe_load` when parsing YAML configuration files. This prevents arbitrary code execution from malicious YAML content. If updating is not immediately possible, restrict write access to the YAML configuration files (/var/feast/feature_store.yaml and /var/feast/materialization_config.yaml) to trusted users only, and monitor for unauthorized modifications. Additionally, consider isolating or limiting permissions of the Kubernetes materializer job pods to reduce impact in case of exploitation. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows for remote code execution, cluster takeover, data poisoning, and supply-chain sabotage, which can lead to unauthorized access and manipulation of sensitive data. Such security breaches can result in non-compliance with standards like GDPR and HIPAA that require protection of data confidentiality, integrity, and availability. Therefore, this vulnerability negatively impacts compliance with these regulations by increasing the risk of data breaches and unauthorized data handling. [1]