CVE-2025-32444 – vllm

Package

Manager: pip
Name: vllm
Vulnerable Version: >=0.6.5 <0.8.5

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.00994 pctl0.76069

Details

vLLM Vulnerable to Remote Code Execution via Mooncake Integration ## Impacted Deployments **Note that vLLM instances that do NOT make use of the mooncake integration are NOT vulnerable.** ## Description vLLM integration with mooncake is vaulnerable to remote code execution due to using `pickle` based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were set to listen on all network interfaces, increasing the likelihood that an attacker is able to reach the vulnerable ZeroMQ sockets to carry out an attack. This is a similar to [GHSA - x3m8 - f7g5 - qhm7](https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7), the problem is in https://github.com/vllm-project/vllm/blob/32b14baf8a1f7195ca09484de3008063569b43c5/vllm/distributed/kv_transfer/kv_pipe/mooncake_pipe.py#L179 Here [recv_pyobj()](https://github.com/zeromq/pyzmq/blob/453f00c5645a3bea40d79f53aa8c47d85038dc2d/zmq/sugar/socket.py#L961) Contains implicit `pickle.loads()`, which leads to potential RCE.

Metadata

Created: 2025-04-29T14:52:29Z
Modified: 2025-05-29T16:51:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-hj4w-hm2g-p6w5/GHSA-hj4w-hm2g-p6w5.json
CWE IDs: ["CWE-502"]
Alternative ID: GHSA-hj4w-hm2g-p6w5
Finding: F096
Auto approve: 1