Lucene search
K

8 matches found

OSV
OSV
added 2025/12/02 5:34 p.m.2 views

GHSA-8FR4-5Q9J-M8GM vLLM vulnerable to remote code execution via transformers_utils/get_config

Summary vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an automap entry, the config class resolves that mapping with getclassfromdynamicmodule... and immediately instantiates the returned class. This...

7.1CVSS7.2AI score0.00598EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/02 5:34 p.m.7 views

EUVD-2025-200115

vLLM vulnerable to remote code execution via transformersutils/getconfig...

7.1CVSS7.6AI score0.00598EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/02 5:34 p.m.18 views

vLLM vulnerable to remote code execution via transformers_utils/get_config

Summary vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an automap entry, the config class resolves that mapping with getclassfromdynamicmodule... and immediately instantiates the returned class. This...

8.8CVSS8.7AI score0.00598EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/12/01 11:15 p.m.8 views

CVE-2025-66448

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an automap entry, the config class resolves that mapping with...

8.8CVSS0.00598EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/01 11:4 p.m.1 views

Arbitrary Code Injection

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Arbitrary Code Injection via the config class named NemotronNanoVLConfig. An attacker can execute arbitrary code on the host system by publishing a...

8.8CVSS8.7AI score0.00598EPSS
Exploits0References2
CVE
CVE
added 2025/12/01 10:45 p.m.31 views

CVE-2025-66448

vLLM (prior to 0.11.1) contains a remote code execution vulnerability in Nemotron_Nano_VL_Config where, during model loading, an auto_map entry can cause get_class_from_dynamic_module to fetch and execute code from a remote repository, bypassing trust_remote_code checks. This can enable an attack...

8.8CVSS7.8AI score0.00598EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/01 10:45 p.m.8 views

CVE-2025-66448 vLLM vulnerable to remote code execution via transformers_utils/get_config

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an automap entry, the config class resolves that mapping with...

7.1CVSS7.7AI score0.00598EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/01 10:45 p.m.12 views

CVE-2025-66448 vLLM vulnerable to remote code execution via transformers_utils/get_config

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an automap entry, the config class resolves that mapping with...

7.1CVSS0.00598EPSS
Exploits0References3
Rows per page
Query Builder