HIGH
feast-dev
CVE published 2026-01-01
CVE-2025-11157
CVE-2025-11157 is a high-severity remote code execution vulnerability in feast-dev/feast version 0.53.0. The vulnerability exists in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. An attacker can exploit this vulnerability by modifying YAML files to execute OS commands on the worker pod, potentially leading to cluster takeover, data poisoning, [truncated]