Arbitrary Code Execution Vulnerability in vLLM Library
CVE-2025-24357
8.8 HIGH
What is CVE-2025-24357?
The vLLM library, used for large language model inference and serving, is susceptible to an arbitrary code execution vulnerability. It arises from the use of the torch.load function to load user-provided model checkpoints, which may include malicious pickle data. The hf_model_weights_iterator implementation in vllm/model_executor/weight_utils.py defaults the weights_only parameter to False, allowing the execution of arbitrary code during unpickling. This security issue has been addressed in version 0.7.0 of vLLM.
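As an added example (not vLLM's or PyTorch's code), the following static check lists the globals a checkpoint's pickle stream would import, without unpickling it, and reports any outside an allow-list. The allow-list, the function names and the sample checkpoint are assumptions constructed for illustration.

```python
import io
import pickle
import pickletools
import zipfile
from collections import OrderedDict

# Illustrative allow-list (an assumption, not torch's real weights_only list).
ALLOWED = {("collections", "OrderedDict"), ("torch._utils", "_rebuild_tensor_v2")}

def pickle_streams(blob):
    """Yield pickle payloads from a zip-format checkpoint or a bare pickle."""
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for name in zf.namelist():
                if name.endswith(".pkl"):
                    yield zf.read(name)
    else:
        yield blob

def imported_globals(data):
    """Return the (module, name) pairs a pickle imports, without loading it."""
    found, strings, memo, last = [], [], {}, None
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "MEMOIZE":            # memoizes the current stack top
            memo[len(memo)] = last
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            last = memo.get(arg)            # None if the memo entry is not a string
            strings.append(last)
        elif op.name in ("GLOBAL", "INST"):  # argument is "module name"
            found.append(tuple(arg.split(" ", 1)))
            last = None
        elif op.name == "STACK_GLOBAL":     # module and name were pushed as strings
            pair = tuple(strings[-2:])
            found.append(pair if len(pair) == 2 and all(pair) else ("?", "?"))
            last = None
        else:                               # track string pushes; anything else is None
            last = arg if isinstance(arg, str) else None
            strings.append(last)
    return found

def disallowed_globals(blob):
    """Globals outside ALLOWED; unresolved names are reported as ('?', '?')."""
    return sorted({g for s in pickle_streams(blob) for g in imported_globals(s)} - ALLOWED)

def constructed_checkpoint(protocol=4):
    """Constructed sample: references builtins.print but never calls it."""
    return pickle.dumps({"weights": OrderedDict(), "hook": print}, protocol=protocol)
```

This is a triage heuristic for checkpoints from untrusted sources; it does not replace upgrading to vLLM 0.7.0.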
Affected Version(s)
vllm < 0.7.0