Lucene search

11 matches found

RedhatCVE
added 2025/09/24 12:28 a.m. · 4 views

CVE-2025-10772

A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability is an unknown functionality of the file lerobot/common/robotdevices/robots/lekiwiremote.py of the component ZeroMQ Socket Handler. The manipulation leads to missing authentication. The attack can onl...

CVSS 6.3 · AI score 6.1 · EPSS 0.00022
Exploits 0 · References 1
CNNVD
added 2025/09/22 12:0 a.m. · 1 views

lerobot security vulnerability

lerobot is a robot programming library open-sourced by Hugging Face. A security vulnerability exists in huggingface LeRobot 0.3.3 and earlier versions, which stems from a lack of authentication in the ZeroMQ Socket Handler component and could lead to an attack within the local network...

CVSS 6.3 · AI score 6.4 · EPSS 0.00022
Exploits 0 · References 4
Positive Technologies
added 2025/09/21 12:0 a.m. · 3 views

PT-2025-38670

Name of the Vulnerable Software and Affected Versions: huggingface LeRobot versions up to 0.3.3. Description: A vulnerability exists in huggingface LeRobot up to version 0.3.3 related to missing authentication within the ZeroMQ Socket Handler functionality of the file lerobot/common/robot...

CVSS 6.3 · AI score 6.2 · EPSS 0.00022
Exploits 0 · References 6
Veracode
added 2025/05/07 5:21 a.m. · 6 views

Denial Of Service (DoS)

vLLM is vulnerable to Denial of Service (DoS). The vulnerability is due to improper ZeroMQ socket binding caused by the XPUB socket being bound to all interfaces without access control in multi-node deployments, which allows an attacker to connect to the socket and either receive internal data or...

CVSS 7.5 · AI score 7.5 · EPSS 0.00447
Exploits 1 · References 6 · Affected Software 1
Cvelist
added 2025/05/06 4:53 p.m. · 16 views

CVE-2025-30165 Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration

vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a SUB ZeroMQ socket and connect to an XPUB socket on the primary vLLM host. When data ...

CVSS 8 · EPSS 0.00432
Exploits 0 · References 3
Snyk
added 2025/05/06 4:38 p.m. · 4 views

Deserialization of Untrusted Data

Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the SUB ZeroMQ socket, where the deserialization is performed using the unsafe pickle library. An attacker on...

CVSS 8.6 · AI score 8 · EPSS 0.00432
Exploits 0 · References 2
Positive Technologies
added 2025/05/06 12:0 a.m. · 1 views

PT-2025-19899

Name of the Vulnerable Software and Affected Versions: vllm versions 0.5.2 through 0.8.5.post1. Description: The issue exists in the V0 engine of vLLM, which uses ZeroMQ for multi-node communication. When data is received on the SUB ZeroMQ socket, it is deserialized with pickle, allowing for potenti...

CVSS 8 · AI score 8.9 · EPSS 0.00432
Exploits 0 · References 18
RedhatCVE
added 2025/05/02 1:16 a.m. · 12 views

CVE-2025-30202

A flaw was found in vLLM's multi-node setup, which exposes sensitive data over a ZeroMQ XPUB socket bound to all interfaces. This vulnerability allows unauthorized clients to intercept and read internal communications if they can access the network. Mitigation: Mitigation for this issue is either...

CVSS 7.5 · AI score 7.2 · EPSS 0.00447
Exploits 1 · References 3
Vulnrichment
added 2025/04/30 12:24 a.m. · 5 views

CVE-2025-30202 Data exposure via ZeroMQ on multi-node vLLM deployment

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ on multi-node vLLM deployment. In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-no...

CVSS 7.5 · AI score 7.7 · EPSS 0.00447
Exploits 1 · References 3
Github Security Blog
added 2025/04/29 2:50 p.m. · 13 views

Data exposure via ZeroMQ on multi-node vLLM deployment

Impact: In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-node communication purposes. The primary vLLM host opens an XPUB ZeroMQ socket and binds it to ALL interfaces. While the socket is always opened for a multi-node deployment, it is only used when doing tensor parallelism acros...

CVSS 7.5 · AI score 7.6 · EPSS 0.00447
Exploits 1 · References 6 · Affected Software 1
Positive Technologies
added 2025/04/29 12:0 a.m. · 2 views

PT-2025-18215 · Vllm +1

Name of the Vulnerable Software and Affected Versions: vLLM versions 0.5.2 through 0.8.5 Description: The issue affects vLLM, a high-throughput and memory-efficient inference and serving engine for LLMs. In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-node communication purposes,...

CVSS 7.5 · AI score 7.4 · EPSS 0.00447
Exploits 1 · References 19