Note that vLLM instances that do NOT make use of the mooncake integration are NOT vulnerable.
vLLM integration with mooncake is vaulnerable to remote code execution due to using pickle
based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were set to listen on all network interfaces, increasing the likelihood that an attacker is able to reach the vulnerable ZeroMQ sockets to carry out an attack.
This is a similar to GHSA - x3m8 - f7g5 - qhm7, the problem is in
https://github.com/vllm-project/vllm/blob/32b14baf8a1f7195ca09484de3008063569b43c5/vllm/distributed/kvtransfer/kvpipe/mooncake_pipe.py#L179
Here recv_pyobj() Contains implicit pickle.loads()
, which leads to potential RCE.
{ "nvd_published_at": "2025-04-30T01:15:51Z", "cwe_ids": [ "CWE-502" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2025-04-29T14:52:29Z" }