Feasting on YAML: How a Feature Store Configuration Became a Remote Code Execution Nightmare
Vulnerability ID: CVE-2025-11157
CVSS Score: 7.8
Published: 2026-01-01
A high-severity deserialization vulnerability in the Feast machine learning feature store allows attackers with access to Kubernetes ConfigMaps to execute arbitrary code via malicious YAML tags.
TL;DR
Feast <= 0.53.0 uses the unsafe yaml.load() method in its Kubernetes materializer component. This allows an attacker who can modify the materialization job's configuration (via Kubernetes ConfigMaps) to inject Python objects that execute code upon deserialization. The fix is a one-line change to yaml.safe_load() in version 0.54.0.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-502 (Deserialization of Untrusted Data)
- CVSS Score: 7.8 (High)
- Attack Vector: Local / Config Injection
- Library: PyYAML
- Function: yaml.load(Loader=yaml.Loader)
- EPSS Score: 0.00278
Affected Systems
- Feast Feature Store (Python SDK)
- Kubernetes Clusters running Feast Materializers
- feast: <= 0.53.0 (Fixed in: 0.54.0)
Code Analysis
Commit: b2e37ff
Fix: use safe_load instead of load in kubernetes materializer
- repo_config = yaml.load(f, Loader=yaml.Loader)
+ repo_config = yaml.safe_load(f)
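Review bot: On the `+` line, `yaml.safe_load(f)` raises `yaml.constructor.ConstructorError` for any document that carries a Python-specific tag, and the visible lines show no handling or logging around the call, so a tampered config would surface only as an unexplained job failure. Consider catching the error and logging which file was rejected. The hunk also carries no regression test asserting that a tagged document is refused; adding one would stop a later refactor from reintroducing `Loader=yaml.Loader`.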
Exploit Details
- Hypothetical: Exploit involves injecting standard PyYAML RCE payloads into Kubernetes ConfigMaps.
Mitigation Strategies
- Upgrade Feast to version 0.54.0 or later immediately.
- Restrict Kubernetes RBAC permissions: Audit who can 'update' or 'patch' ConfigMaps in the Feast namespace.
- Implement Pod Security Standards to restrict the capabilities of the materializer pods.
Remediation Steps:
- Identify all Feast deployments running versions <= 0.53.0.
- Pull the latest image for the materializer job or rebuild your custom images with the patched SDK.
- Deploy version 0.54.0.
- Rotate any credentials (AWS keys, DB passwords) that were accessible to the materializer pods if you suspect compromise.
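When deciding whether a ConfigMap was tampered with, an audit like the following (an added example, not code from the Feast project or the original report) lists Python-specific YAML tags in a ConfigMap's data values using PyYAML parser events, so nothing is ever constructed. The manifest, its name and its data keys are constructed sample data, and the function names are hypothetical.

```python
import yaml  # PyYAML

PYTHON_TAG_PREFIX = "tag:yaml.org,2002:python/"

# Constructed sample manifest; the name and data keys are illustrative assumptions.
SAMPLE_CONFIGMAP = """\
apiVersion: v1
kind: ConfigMap
metadata:
  name: feast-materializer-config
data:
  feature_store.yaml: |
    project: demo
    batch_windows: !!python/tuple [1, 2]
  clean.yaml: |
    project: demo
"""

def python_tags(text):
    """Return (line, tag) for each node tagged python/*, without building objects."""
    # yaml.parse() emits parser events only; %TAG handle aliases are already
    # resolved in event.tag, which a text search for "!!python/" would miss.
    hits = []
    for event in yaml.parse(text, Loader=yaml.SafeLoader):
        tag = getattr(event, "tag", None)
        if tag and tag.startswith(PYTHON_TAG_PREFIX):
            hits.append((event.start_mark.line + 1, tag))
    return hits

def audit_configmap(manifest_text):
    """Map each ConfigMap data key to the python/* tags found in its value."""
    manifest = yaml.safe_load(manifest_text) or {}
    findings = {}
    for key, value in (manifest.get("data") or {}).items():
        try:
            hits = python_tags(str(value))
        except yaml.YAMLError as exc:  # malformed payloads are findings too
            hits = [(0, "unparseable: " + type(exc).__name__)]
        if hits:
            findings[key] = hits
    return findings

def loads_safely(text):
    """True if yaml.safe_load(), the patched call, accepts the document."""
    try:
        yaml.safe_load(text)
        return True
    except yaml.YAMLError:
        return False
```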