CRITICAL🇵🇱 Wersja polska

CVE-2025-32444

CVSS 10.0v3.1pub. 2025-04-30upd. 2025-05-28

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were set to listen on all network interfaces, increasing the likelihood that an attacker is able to reach the vulnerable ZeroMQ sockets to carry out an attack. vLLM instances that do not make use of the mooncake integration are not vulnerable. This issue has been patched in version 0.8.5.

🤖 AI Analysis
How it works

The vulnerable vLLM integration with mooncake uses the pickle format to serialize data transmitted over ZeroMQ sockets. These sockets are configured to listen on all network interfaces, significantly increasing the accessibility of network-based attacks. Since communication is not secured with authentication or encryption, an unauthenticated attacker can send a crafted pickle payload that, when deserialized, causes arbitrary code execution on the server (CWE-502: Deserialization of Untrusted Data).

Impact

An attacker without any authentication and with network access to the vulnerable host can gain full control over the server — execute arbitrary code, access data, and affect system availability and integrity (full C/I/A: HIGH with scope Changed).

Mitigation & patch

Update vLLM to version 0.8.5 or newer, which contains the patch eliminating the vulnerability. Until the update is applied, it is recommended to restrict network access to ZeroMQ ports using a firewall and disable mooncake integration if not required.

Who is affected

vLLM in versions 0.6.5 to 0.8.5 (only) with active mooncake integration. vLLM instances not using mooncake integration are not vulnerable.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Vllm

    APP
    Vllm
    0.6.5 – 0.8.5 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDeserialization
CWE
References

Related vulnerabilities

CVE-2026-48746CRITICAL9.1PL ✓ten sam produkt

Pominięcie uwierzytelnienia w vLLM — bypass klucza API OpenAI

CVE-2026-22778CRITICAL9.8PL ✓ten sam produkt

vLLM: wyciek adresu sterty umożliwiający RCE przez endpoint multimodalny

CVE-2025-47277CRITICAL9.8PL ✓ten sam produkt

vLLM: niezamierzone nasłuchiwanie TCPStore na wszystkich interfejsach sieciowych

CVE-2024-11041CRITICAL9.8PL ✓ten sam produkt

RCE przez niebezpieczną deserializację w vllm MessageQueue.dequeue()

CVE-2025-29783CRITICAL9.0PL ✓ten sam produkt

RCE przez niebezpieczną deserializację w vLLM z Mooncake (ZMQ/TCP)