VulnWatch VulnWatch
← Back to dashboard
Low osv · GHSA-hj4w-hm2g-p6w5

vLLM Vulnerable to Remote Code Execution via Mooncake Integration

Published Apr 29, 2025 CVSS 3.1

Impacted Deployments

Note that vLLM instances that do NOT make use of the mooncake integration are NOT vulnerable.

Description

vLLM integration with mooncake is vaulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were set to listen on all network interfaces, increasing the likelihood that an attacker is able to reach the vulnerable ZeroMQ sockets to carry out an attack.

This is a similar to GHSA - x3m8 - f7g5 - qhm7, the problem is in

https://github.com/vllm-project/vllm/blob/32b14baf8a1f7195ca09484de3008063569b43c5/vllm/distributed/kv_transfer/kv_pipe/mooncake_pipe.py#L179

Here recv_pyobj() Contains implicit pickle.loads(), which leads to potential RCE.

Remote Code Execution

Affected AI Products

vllm
View original source
Get the weekly digest. Every Monday: top AI security stories of the week. Free.