PYSEC-2025-58
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/vllm/PYSEC-2025-58.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2025-58
- Aliases
- Published
- 2025-01-27T18:15:41Z
- Modified
- 2025-06-27T21:56:54.188774Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
vLLM is a library for LLM inference and serving. vllm/modelexecutor/weightutils.py implements hfmodelweightsiterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weightsonly parameter defaults to False. When torch.load loads malicious pickle data, it will execute arbitrary code during unpickling. This vulnerability is fixed in v0.7.0.
- References
Affected packages
PyPI / vllm
Package
- Name
- vllm
- View open source insights on deps.dev
- Purl
- pkg:pypi/vllm
Affected ranges
- Type
- GIT
- Repo
- https://github.com/vllm-project/vllm
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.7.0
Affected versions
0.*
0.0.1
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.2.0
0.2.1
0.2.1.post1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.3.0
0.3.1
0.3.2
0.3.3
0.4.0
0.4.0.post1
0.4.1
0.4.2
0.4.3
0.5.0
0.5.0.post1
0.5.1
0.5.2
0.5.3
0.5.3.post1
0.5.4
0.5.5
0.6.0
0.6.1
0.6.1.post1
0.6.1.post2
0.6.2
0.6.3
0.6.3.post1
0.6.4
0.6.4.post1
0.6.5
0.6.6
0.6.6.post1