
CVE-2025-11157: CWE-502 Deserialization of Untrusted Data in feast-dev feast-dev/feast

Severity: High
Tags: vulnerability, cve-2025-11157, cwe-502
Published: Thu Jan 01 2026 (01/01/2026, 07:03:57 UTC)
Source: CVE Database V5
Vendor/Project: feast-dev
Product: feast-dev/feast

Description

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. The vulnerability arises from the use of `yaml.load(..., Loader=yaml.Loader)` to deserialize `/var/feast/feature_store.yaml` and `/var/feast/materialization_config.yaml`. This method allows for the instantiation of arbitrary Python objects, enabling an attacker with the ability to modify these YAML files to execute OS commands on the worker pod. This vulnerability can be exploited before the configuration is validated, potentially leading to cluster takeover, data poisoning, and supply-chain sabotage.

AI-Powered Analysis

Last updated: 01/09/2026, 11:03:56 UTC

Technical Analysis

CVE-2025-11157 is a deserialization vulnerability classified under CWE-502 found in feast-dev/feast version 0.53.0, specifically within the Kubernetes materializer job component located at feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py. The vulnerability arises from the use of the unsafe yaml.load function with yaml.Loader to deserialize two critical YAML configuration files: /var/feast/feature_store.yaml and /var/feast/materialization_config.yaml. Unlike safer alternatives such as yaml.safe_load, yaml.load with yaml.Loader allows instantiation of arbitrary Python objects during deserialization. This flaw enables an attacker who can modify these YAML files—likely through compromised access or misconfigured permissions—to execute arbitrary operating system commands on the Kubernetes worker pod running the materializer job. The attack surface includes any scenario where an attacker can influence or replace these YAML files before the configuration is validated. Successful exploitation can lead to full cluster compromise, data poisoning attacks that corrupt feature data used in machine learning pipelines, and supply-chain sabotage that undermines trust in data processing workflows. The CVSS v3.0 score is 7.8 (high), reflecting the vulnerability's ability to impact confidentiality, integrity, and availability with low attack complexity and limited privileges required. No public exploits are known at this time, but the potential impact on Kubernetes-based data infrastructure is significant.

Potential Impact

For European organizations, especially those leveraging feast-dev/feast in Kubernetes environments for feature store management in machine learning pipelines, this vulnerability poses a critical risk. Exploitation can lead to unauthorized remote code execution on worker pods, enabling attackers to escalate privileges within the cluster, manipulate or poison feature data, and disrupt or sabotage data workflows. This can result in loss of data integrity, exposure of sensitive information, and operational downtime. Organizations in sectors such as finance, healthcare, and critical infrastructure that rely on accurate and secure ML data pipelines are particularly vulnerable. The potential for supply-chain sabotage also raises concerns for organizations integrating feast-dev/feast into broader data ecosystems. Given the reliance on Kubernetes clusters, any compromise could cascade to other services and workloads, amplifying the impact.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:

1) Immediately restrict and audit access permissions to the YAML configuration files (`/var/feast/feature_store.yaml` and `/var/feast/materialization_config.yaml`) to prevent unauthorized modifications.
2) Replace the unsafe `yaml.load` calls with `yaml.safe_load` or equivalent safe deserialization methods in the feast-dev/feast codebase to eliminate arbitrary object instantiation risks.
3) Implement strict validation and integrity checks on configuration files before deserialization to detect tampering.
4) Employ Kubernetes security best practices such as Pod Security Policies, Role-Based Access Control (RBAC), and network segmentation to limit the blast radius of a compromised pod.
5) Monitor logs and audit trails for unusual activity related to configuration file changes and pod behavior.
6) Stay updated with feast-dev/feast releases and apply patches promptly once available.
7) Consider running the materializer job with minimal privileges and in isolated namespaces to reduce potential impact.
8) Conduct regular security assessments and penetration tests focusing on configuration management and deserialization risks within Kubernetes environments.
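To support recommendation 2, the following added example (not code from feast-dev/feast or from this advisory) audits Python source for `yaml` load calls that are not pinned to a safe loader. The function names and the `SAMPLE` snippet are constructed for illustration, and only calls written as `yaml.<func>(...)` are covered.

```python
import ast

# Loaders that only build plain data types; anything else is reported for review.
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}
UNSAFE_FUNCS = {"unsafe_load", "unsafe_load_all"}
LOAD_FUNCS = {"load", "load_all"}


def _name(node):
    """Trailing identifier of `x` or `mod.x`; None for anything else."""
    return getattr(node, "attr", None) or getattr(node, "id", None)


def find_unsafe_yaml_loads(source, filename="<source>"):
    """Return sorted (line, reason) pairs for yaml load calls not pinned to a safe loader."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        # Only calls written as yaml.<func>(...); aliased imports are out of scope here.
        if not (isinstance(node.func.value, ast.Name) and node.func.value.id == "yaml"):
            continue
        func = node.func.attr
        if func in UNSAFE_FUNCS:
            findings.append((node.lineno, f"yaml.{func}"))
        elif func in LOAD_FUNCS:
            loader = next((kw.value for kw in node.keywords if kw.arg == "Loader"), None)
            if loader is None and len(node.args) > 1:
                loader = node.args[1]  # Loader passed positionally
            loader_name = _name(loader)
            if loader_name not in SAFE_LOADERS:
                findings.append((node.lineno, f"yaml.{func} Loader={loader_name}"))
    return sorted(findings)


# Constructed sample modelled on the calls described in the advisory.
SAMPLE = '''\
import yaml
with open("/var/feast/feature_store.yaml") as f:
    a = yaml.load(f, Loader=yaml.Loader)
with open("/var/feast/materialization_config.yaml") as f:
    b = yaml.safe_load(f)
c = yaml.load(open("x.yaml"), yaml.SafeLoader)
'''

if __name__ == "__main__":
    for line, reason in find_unsafe_yaml_loads(SAMPLE):
        print(f"line {line}: {reason}")
```
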


Technical Details

Data Version: 5.2
Assigner Short Name: @huntr_ai
Date Reserved: 2025-09-29T14:28:35.258Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 6956f1e1db813ff03e8571ef

Added to database: 1/1/2026, 10:14:57 PM

Last enriched: 1/9/2026, 11:03:56 AM

Last updated: 2/7/2026, 7:29:23 AM
