
We found results for “”
CVE-2025-29783
Good to know:


Date: March 19, 2025
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces will allow attackers to execute remote code on distributed hosts. This is a remote code execution vulnerability impacting any deployments using Mooncake to distribute KV across distributed hosts. This vulnerability is fixed in 0.8.0.
Severity Score
Related Resources (7)
Severity Score
Weakness Type (CWE)
Deserialization of Untrusted Data
CWE-502Top Fix

Upgrade Version
Upgrade to version vllm - 0.8.0;vllm - 0.8.0;https://github.com/vllm-project/vllm.git - v0.8.0
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | ADJACENT_NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |