CRITICAL🇵🇱 Wersja polska

CVE-2024-11041

CVSS 9.8v3.0pub. 2025-03-20upd. 2025-07-31

vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue() API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue, causing the victim's machine to execute arbitrary code.

🤖 AI Analysis
How it works

The MessageQueue.dequeue() function directly passes data received from a network socket to the pickle.loads function without performing any validation or source verification. The pickle mechanism in Python is inherently unsafe when deserializing untrusted data, as it allows arbitrary executable code to be embedded in the payload. An attacker can send a crafted payload to the MessageQueue queue, which will be automatically deserialized and executed on the victim's machine.

Impact

An unauthenticated attacker can remotely execute arbitrary code on the server (RCE), which in practice means complete system takeover, data theft, backdoor installation, or further network propagation (lateral movement).

Mitigation & patch

Apply patches available from the vendor according to the references. Patch details are available at: https://huntr.com/bounties/00136195-11e0-4ad0-98d5-72db066e867f. Until the patch is deployed, restrict network access to the MessageQueue API exclusively to trusted hosts using a firewall or network rules.

Who is affected

vllm-project vllm version v0.6.2

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Vllm

    APP
    Vllm
    0.6.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDeserialization
CWE
References

Related vulnerabilities

CVE-2026-48746CRITICAL9.1PL ✓ten sam produkt

Pominięcie uwierzytelnienia w vLLM — bypass klucza API OpenAI

CVE-2026-22778CRITICAL9.8PL ✓ten sam produkt

vLLM: wyciek adresu sterty umożliwiający RCE przez endpoint multimodalny

CVE-2025-47277CRITICAL9.8PL ✓ten sam produkt

vLLM: niezamierzone nasłuchiwanie TCPStore na wszystkich interfejsach sieciowych

CVE-2025-32444CRITICAL10.0PL ✓ten sam produkt

RCE w vLLM poprzez deserializację pickle na niezabezpieczonych gniazdach ZeroMQ

CVE-2025-29783CRITICAL9.0PL ✓ten sam produkt

RCE przez niebezpieczną deserializację w vLLM z Mooncake (ZMQ/TCP)