GHSA-hj4w-hm2g-p6w5

Suggest an improvement
Source
https://github.com/advisories/GHSA-hj4w-hm2g-p6w5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-hj4w-hm2g-p6w5/GHSA-hj4w-hm2g-p6w5.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hj4w-hm2g-p6w5
Aliases
  • CVE-2025-32444
Related
Published
2025-04-29T14:52:29Z
Modified
2025-04-30T17:56:10.271581Z
Severity
  • 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
vLLM Vulnerable to Remote Code Execution via Mooncake Integration
Details

Impacted Deployments

Note that vLLM instances that do NOT make use of the mooncake integration are NOT vulnerable.

Description

vLLM integration with mooncake is vaulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were set to listen on all network interfaces, increasing the likelihood that an attacker is able to reach the vulnerable ZeroMQ sockets to carry out an attack.

This is a similar to GHSA - x3m8 - f7g5 - qhm7, the problem is in

https://github.com/vllm-project/vllm/blob/32b14baf8a1f7195ca09484de3008063569b43c5/vllm/distributed/kvtransfer/kvpipe/mooncake_pipe.py#L179

Here recv_pyobj() Contains implicit pickle.loads(), which leads to potential RCE.

Database specific
{
    "nvd_published_at": "2025-04-30T01:15:51Z",
    "cwe_ids": [
        "CWE-502"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-29T14:52:29Z"
}
References

Affected packages

PyPI / vllm

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.6.5
Fixed
0.8.5

Affected versions

0.*

0.6.5
0.6.6
0.6.6.post1
0.7.0
0.7.1
0.7.2
0.7.3
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4