3 matches found
CVE-2025-67729 lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()
LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weightsonly=True parameter when loading model checkpoint files. This allows an attacker to execute...
PT-2025-47650
Name of the Vulnerable Software and Affected Versions vLLM versions 0.5.5 through 0.11.0 Description vLLM is an inference and serving engine for large language models LLMs. The /v1/chat/completions and /tokenize API endpoints accept a chat template kwargs request parameter that is not properly...
PT-2025-47648
Name of the Vulnerable Software and Affected Versions vLLM versions 0.10.2 through 0.11.0 Description vLLM is an inference and serving engine for large language models LLMs. A memory corruption issue exists in the Completions API endpoint, specifically when processing user-supplied prompt...