Lucene search
+L

359 matches found

RedhatCVE
RedhatCVE
added 2025/05/08 5:6 p.m.20 views

CVE-2025-30165

A flaw was found in vLLM's multi-node configuration, which is vulnerable to remote code execution due to unsafe deserialization using pickle over a ZeroMQ SUB socket. If the primary vLLM host is compromised, attackers can escalate privileges and execute arbitrary code on connected secondary hosts...

8.8CVSS8.3AI score0.00502EPSS
Exploits0References3
Veracode
Veracode
added 2025/05/07 5:21 a.m.11 views

Denial Of Service (DoS)

vLLM is vulnerable to Denial Of Service DoS . The vulnerability is due to improper ZeroMQ socket binding caused by the XPUB socket being bound to all interfaces without access control in multi-node deployments, which allows an attacker to connect to the socket and either receive internal data or...

7.5CVSS7.5AI score0.00505EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2025/05/06 5:16 p.m.48 views

CVE-2025-30165

vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a SUB ZeroMQ socket and connect to an XPUB socket on the primary vLLM host. When data ...

8CVSS0.00502EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/06 4:53 p.m.17 views

CVE-2025-30165 Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration

vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a SUB ZeroMQ socket and connect to an XPUB socket on the primary vLLM host. When data ...

8CVSS7.8AI score0.00502EPSS
Exploits0References3
CVE
CVE
added 2025/05/06 4:53 p.m.258 views

CVE-2025-30165

CVE-2025-30165 : In multi-node vLLM deployments using the V0 engine, a secondary host opens a SUB socket and deserializes inbound data with Python’s unsafe pickle over ZeroMQ XPUB/SUB, enabling remote code execution. The issue affects V0 deployments with tensor parallelism across hosts; V1 is una...

8CVSS8.2AI score0.00502EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/05/06 4:53 p.m.51 views

CVE-2025-30165 Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration

vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a SUB ZeroMQ socket and connect to an XPUB socket on the primary vLLM host. When data ...

8CVSS0.00502EPSS
Exploits0References3
OSV
OSV
added 2025/05/06 4:53 p.m.9 views

CVE-2025-30165 Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration

vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a SUB ZeroMQ socket and connect to an XPUB socket on the primary vLLM host. When data ...

8CVSS7.8AI score0.00502EPSS
Exploits0References5
Snyk
Snyk
added 2025/05/06 4:38 p.m.5 views

Deserialization of Untrusted Data

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the SUB ZeroMQ socket, where the deserialization is performed using the unsafe pickle library. An attacker on...

8.6CVSS8AI score0.00502EPSS
Exploits0References2
OSV
OSV
added 2025/05/06 4:38 p.m.11 views

GHSA-9PCC-GVX5-R5WM Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration

Affected Environments Note that this issue only affects the V0 engine, which has been off by default since v0.8.0. Further, the issue only applies to a deployment using tensor parallelism across multiple hosts, which we do not expect to be a common deployment pattern. Since V0 is has been off by...

8CVSS7.7AI score0.00502EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2025/05/06 4:38 p.m.12 views

Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration

Affected Environments Note that this issue only affects the V0 engine, which has been off by default since v0.8.0. Further, the issue only applies to a deployment using tensor parallelism across multiple hosts, which we do not expect to be a common deployment pattern. Since V0 is has been off by...

8CVSS7.8AI score0.00502EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/06 12:0 a.m.4 views

PT-2025-19899

Name of the Vulnerable Software and Affected Versions vllm versions 0.5.2 through 0.8.5.post1 Description The issue exists in the V0 engine of vLLM, which uses ZeroMQ for multi-node communication. When data is received on the SUB ZeroMQ socket, it is deserialized with pickle, allowing for potenti...

8CVSS8.9AI score0.00502EPSS
Exploits0References21
RedhatCVE
RedhatCVE
added 2025/05/02 1:16 a.m.17 views

CVE-2025-30202

A flaw was found in vLLM's multi-node setup, which exposes sensitive data over a ZeroMQ XPUB socket bound to all interfaces. This vulnerability allows unauthorized clients to intercept and read internal communications if they can access the network. Mitigation Mitigation for this issue is either...

7.5CVSS7.2AI score0.00505EPSS
Exploits1References3
PyPA
PyPA
added 2025/04/30 1:15 a.m.10 views

PYSEC-2025-42

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerab...

10CVSS8.1AI score0.01478EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2025/04/30 1:15 a.m.51 views

CVE-2025-30202

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ on multi-node vLLM deployment. In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-no...

7.5CVSS0.00505EPSS
Exploits1References3
NVD
NVD
added 2025/04/30 1:15 a.m.49 views

CVE-2025-32444

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerab...

10CVSS0.01478EPSS
Exploits1References4
OSV
OSV
added 2025/04/30 1:15 a.m.5 views

PYSEC-2025-42

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerab...

9.8CVSS7.6AI score0.01478EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/04/30 12:25 a.m.28 views

CVE-2025-32444 vLLM Vulnerable to Remote Code Execution via Mooncake Integration

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerab...

10CVSS9.8AI score0.01478EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/04/30 12:25 a.m.51 views

CVE-2025-32444 vLLM Vulnerable to Remote Code Execution via Mooncake Integration

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerab...

10CVSS0.01478EPSS
Exploits1References4
OSV
OSV
added 2025/04/30 12:25 a.m.20 views

CVE-2025-32444 vLLM Vulnerable to Remote Code Execution via Mooncake Integration

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerab...

10CVSS8.8AI score0.01478EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/04/30 12:24 a.m.52 views

CVE-2025-30202 Data exposure via ZeroMQ on multi-node vLLM deployment

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ on multi-node vLLM deployment. In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-no...

7.5CVSS0.00505EPSS
Exploits1References3
Rows per page
Query Builder