Description

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces will allow attackers to execute remote code on distributed hosts. This is a remote code execution vulnerability impacting any deployments using Mooncake to distribute KV across distributed hosts. This vulnerability is fixed in 0.8.0.

INFO

Published Date :

2025-03-19T15:33:28.951Z

Last Modified :

2025-03-22T00:02:54.404Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-29783 vulnerability.

Vendors Products
Vllm
  • Vllm
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-29783.

URL Resource
https://github.com/vllm-project/vllm/commit/288ca110f68d23909728627d3100e5a8db820aa2 cve-icon cve-icon cve-icon
https://github.com/vllm-project/vllm/pull/14228 cve-icon cve-icon cve-icon
https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-29783 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-29783 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact