CVE-2025-11157: CWE-502 Deserialization of Untrusted Data in feast-dev feast-dev/feast
A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. The vulnerability arises from the use of `yaml.load(..., Loader=yaml.Loader)` to deserialize `/var/feast/feature_store.yaml` and `/var/feast/materialization_config.yaml`. This method allows for the instantiation of arbitrary Python objects, enabling an attacker with the ability to modify these YAML files to execute OS commands on the worker pod. This vulnerability can be exploited before the configuration is validated, potentially leading to cluster takeover, data poisoning, and supply-chain sabotage.
AI Analysis
Technical Summary
CVE-2025-11157 is a high-severity vulnerability in feast-dev/feast version 0.53.0, in the Kubernetes materializer job at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. The root cause is the unsafe use of PyYAML's `yaml.load` function with `yaml.Loader`, which permits deserialization of arbitrary Python objects from YAML files. The affected YAML files are `/var/feast/feature_store.yaml` and `/var/feast/materialization_config.yaml`. Because `yaml.load` with `yaml.Loader` does not restrict object instantiation, an attacker who can modify these YAML files can craft malicious payloads that execute arbitrary OS commands on the Kubernetes worker pod hosting the materializer job. This can lead to remote code execution (RCE) within the cluster environment. Exploitation happens before any configuration validation occurs, so later validation of the parsed configuration does not prevent it.
Potential consequences include full cluster takeover, data poisoning attacks that corrupt feature store data, and supply-chain sabotage by manipulating data pipelines. The CVSS v3.0 base score is 7.8 (high severity): local attack vector, low attack complexity, low privileges required, no user interaction, and impact on confidentiality, integrity, and availability. No public exploits are known at this time, but the vulnerability poses a significant risk to Kubernetes deployments running feast-dev/feast. The vulnerability is classified under CWE-502 (Deserialization of Untrusted Data), a common and dangerous flaw in software that processes serialized input without proper validation or sandboxing.
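How a safe loader treats the same kind of input, as an added example that is not code from Feast or from this advisory. `load_config_safely` and `UnsafeConfigError` are hypothetical names, both sample documents are constructed, and a harmless standard-library function stands in for an attacker's payload; the block requires PyYAML.

```python
import yaml  # PyYAML (third-party)

# Vulnerable pattern named in the advisory (shown only as a comment, never run):
#     yaml.load(stream, Loader=yaml.Loader)

# Constructed sample documents; not taken from the Feast repository.
BENIGN_CONFIG = """\
project: demo
registry: data/registry.db
provider: local
"""
# yaml.Loader would resolve this python-specific tag to a callable and invoke it
# during parsing. A harmless stdlib function stands in for a real payload.
TAGGED_CONFIG = """\
project: !!python/object/apply:time.time []
registry: data/registry.db
"""


class UnsafeConfigError(ValueError):
    """The document is not plain YAML data (hypothetical error type)."""


def load_config_safely(text):
    """Parse with SafeLoader and require a top-level mapping."""
    try:
        data = yaml.safe_load(text)
    except yaml.constructor.ConstructorError as exc:
        # SafeLoader has no constructor for !!python/* tags and refuses them
        # instead of importing modules or calling functions.
        raise UnsafeConfigError(f"rejected YAML tag: {exc.problem}") from exc
    if not isinstance(data, dict):
        # Also covers an empty file, for which safe_load returns None.
        raise UnsafeConfigError("top-level YAML node must be a mapping")
    return data


def is_rejected(text):
    """True if load_config_safely refuses the document."""
    try:
        load_config_safely(text)
    except UnsafeConfigError:
        return True
    return False
```

Malformed YAML still raises PyYAML's own `yaml.YAMLError`, which the caller should treat as a failed load.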
Potential Impact
For European organizations, the impact of CVE-2025-11157 can be severe, especially for those leveraging feast-dev/feast in Kubernetes-based data infrastructure or machine learning pipelines. Successful exploitation could lead to unauthorized remote code execution on worker pods, enabling attackers to escalate privileges, move laterally within the cluster, and potentially compromise other connected systems. This can result in data poisoning, undermining the integrity of machine learning models and analytics, which may have downstream effects on business decisions and regulatory compliance. Cluster takeover could disrupt availability of critical data services, causing operational downtime and financial losses. Additionally, supply-chain sabotage risks could affect organizations relying on feast-dev/feast as part of their data processing workflows, potentially impacting sectors like finance, healthcare, and manufacturing. Given the increasing adoption of Kubernetes and feast-dev/feast in European enterprises, the vulnerability poses a tangible threat to data security and operational continuity.
Mitigation Recommendations
To mitigate CVE-2025-11157, organizations should:
- Immediately restrict write access to the YAML configuration files (`/var/feast/feature_store.yaml` and `/var/feast/materialization_config.yaml`) to trusted administrators only, minimizing the risk of unauthorized modification.
- Implement strict Kubernetes RBAC policies to limit permissions on pods running feast-dev/feast materializer jobs.
- Replace the unsafe `yaml.load` calls with safe alternatives such as `yaml.safe_load`, which prevents arbitrary object deserialization.
- If a patched version of feast-dev/feast is available, prioritize upgrading to it.
- Employ runtime security tools to monitor for anomalous command execution within Kubernetes pods.
- Conduct regular audits of configuration files and Kubernetes cluster security posture.
- Use network segmentation to isolate critical data processing pods and enforce least privilege principles.
- Implement integrity checks or cryptographic validation on configuration files to detect unauthorized changes before deserialization occurs.
- Incorporate security scanning into CI/CD pipelines to catch unsafe deserialization patterns during development.
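One way to implement the CI/CD scanning recommendation, as an added example that is not part of the advisory or of Feast: a standard-library AST check that flags `yaml.load` calls using an object-constructing loader. The function names and the sample source are constructed for illustration, and the check assumes the module is referenced by the name `yaml`.

```python
import ast

# PyYAML loader classes that can construct arbitrary Python objects.
UNSAFE_LOADERS = {"Loader", "UnsafeLoader", "CLoader", "CUnsafeLoader"}

# Constructed sample source modelled on the pattern the advisory describes;
# it is not the contents of Feast's main.py.
SAMPLE = '''\
import yaml

with open("/var/feast/feature_store.yaml") as f:
    a = yaml.load(f, Loader=yaml.Loader)
with open("/var/feast/materialization_config.yaml") as f:
    b = yaml.load(f, yaml.UnsafeLoader)
c = yaml.safe_load("k: v")
d = yaml.load("k: v", Loader=yaml.SafeLoader)
'''

def _loader_name(node):
    """Trailing identifier of a Loader expression: yaml.Loader -> 'Loader'."""
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    return None

def find_unsafe_yaml_loads(source, filename="<string>"):
    """Return sorted (line, call) pairs for unsafe PyYAML calls. Assumes the
    module is referenced as `yaml`; import aliases are not tracked."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        func = node.func
        if not (isinstance(func.value, ast.Name) and func.value.id == "yaml"):
            continue
        if func.attr in ("unsafe_load", "unsafe_load_all"):
            findings.append((node.lineno, f"yaml.{func.attr}"))
        elif func.attr in ("load", "load_all"):
            # Loader may be passed by keyword or as the second positional arg
            loader = next((_loader_name(k.value) for k in node.keywords
                           if k.arg == "Loader"), None)
            if loader is None and len(node.args) >= 2:
                loader = _loader_name(node.args[1])
            if loader in UNSAFE_LOADERS:
                findings.append((node.lineno, f"yaml.{func.attr}(Loader={loader})"))
    return sorted(findings)
```

In a pipeline, run `find_unsafe_yaml_loads` over each changed `.py` file and fail the job when the returned list is non-empty.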
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: @huntr_ai
- Date Reserved: 2025-09-29T14:28:35.258Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 6956f1e1db813ff03e8571ef
Added to database: 1/1/2026, 10:14:57 PM
Last enriched: 1/1/2026, 10:28:49 PM
Last updated: 1/8/2026, 5:31:40 AM