CRITICAL 10.0 PyPI
vLLM Vulnerable to Remote Code Execution via Mooncake Integration
GHSA-hj4w-hm2g-p6w5 · CVE-2025-32444 · PYSEC-2025-42
Published · Modified
Description
Impacted Deployments
Note that vLLM instances that do NOT make use of the mooncake integration are NOT vulnerable.
Description
vLLM integration with mooncake is vaulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were set to listen on all network interfaces, increasing the likelihood that an attacker is able to reach the vulnerable ZeroMQ sockets to carry out an attack.
This is a similar to GHSA - x3m8 - f7g5 - qhm7, the problem is in
Here recv_pyobj() Contains implicit pickle.loads(), which leads to potential RCE.
References
- WEB https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5
- WEB https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-32444
- WEB https://github.com/vllm-project/vllm/commit/a5450f11c95847cf51a17207af9a3ca5ab569b2c
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-42.yaml
- PACKAGE https://github.com/vllm-project/vllm
- WEB https://github.com/vllm-project/vllm/blob/32b14baf8a1f7195ca09484de3008063569b43c5/vllm/distributed/kv_transfer/kv_pipe/mooncake_pipe.py#L179
Ready to move
Start Securing
Free, no credit card | First findings in minutes