Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-hj4w-hm2g-p6w5

GitHub Security Advisory

vLLM Vulnerable to Remote Code Execution via Mooncake Integration

✓ GitHub Reviewed CRITICAL Has CVE
View on GitHub

Advisory Details

## Impacted Deployments

**Note that vLLM instances that do NOT make use of the mooncake integration are NOT vulnerable.**

## Description

vLLM integration with mooncake is vaulnerable to remote code execution due to using `pickle` based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were set to listen on all network interfaces, increasing the likelihood that an attacker is able to reach the vulnerable ZeroMQ sockets to carry out an attack.

This is a similar to [GHSA - x3m8 - f7g5 - qhm7](https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7), the problem is in

https://github.com/vllm-project/vllm/blob/32b14baf8a1f7195ca09484de3008063569b43c5/vllm/distributed/kv_transfer/kv_pipe/mooncake_pipe.py#L179

Here [recv_pyobj()](https://github.com/zeromq/pyzmq/blob/453f00c5645a3bea40d79f53aa8c47d85038dc2d/zmq/sugar/socket.py#L961) Contains implicit `pickle.loads()`, which leads to potential RCE.

Affected Packages

PyPI vllm
Affected versions: 0.6.5 (fixed in 0.8.5)

Related CVEs

CVE-2025-32444

Key Information

GHSA ID
GHSA-hj4w-hm2g-p6w5
Published
April 29, 2025 2:52 PM
Last Modified
May 29, 2025 4:51 PM
CVSS Score
9.0 /10
Primary Ecosystem
PyPI
Primary Package
vllm
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 26, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.