GHSA-hj4w-hm2g-p6w5

Source

https://github.com/advisories/GHSA-hj4w-hm2g-p6w5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-hj4w-hm2g-p6w5/GHSA-hj4w-hm2g-p6w5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hj4w-hm2g-p6w5

Aliases

CVE-2025-32444

Related

Published

2025-04-29T14:52:29Z

Modified

2025-04-30T17:56:10.271581Z

Severity

10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

vLLM Vulnerable to Remote Code Execution via Mooncake Integration

Details

Impacted Deployments

Note that vLLM instances that do NOT make use of the mooncake integration are NOT vulnerable.

Description

vLLM integration with mooncake is vaulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were set to listen on all network interfaces, increasing the likelihood that an attacker is able to reach the vulnerable ZeroMQ sockets to carry out an attack.

This is a similar to GHSA - x3m8 - f7g5 - qhm7, the problem is in

https://github.com/vllm-project/vllm/blob/32b14baf8a1f7195ca09484de3008063569b43c5/vllm/distributed/kvtransfer/kvpipe/mooncake_pipe.py#L179

Here recv_pyobj() Contains implicit pickle.loads(), which leads to potential RCE.

Database specific

{
    "nvd_published_at": "2025-04-30T01:15:51Z",
    "cwe_ids": [
        "CWE-502"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-29T14:52:29Z"
}

References

Affected packages

PyPI / vllm

Package

Name: vllm; View open source insights on deps.dev
Purl: pkg:pypi/vllm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.6.5

Fixed

0.8.5

Affected versions

0.*

0.6.5

0.6.6

0.6.6.post1

0.7.0

0.7.1

0.7.2

0.7.3

0.8.0

0.8.1

0.8.2

0.8.3

0.8.4