Deserialization Vulnerability in vLLM Inference Engine from vLLM Project
CVE-2025-30165

8 HIGH

Key Information:

Status
Vendor
CVE Published: 6 May 2025

What is CVE-2025-30165?

The vLLM inference and serving engine is vulnerable to insecure deserialization when deployed in a multi-node configuration using its V0 engine. The V0 engine uses ZeroMQ for inter-node communication: secondary vLLM hosts open a SUB ZeroMQ socket and connect to an XPUB socket on the primary host, and data received on that SUB socket is deserialized with pickle. Because pickle will resolve and invoke whatever a crafted payload names, anyone able to publish on this channel can execute arbitrary code on the connected machines, so an attacker who gains access to the primary host puts the entire deployment at risk. Exploitation is also possible without direct access to the primary node, for example through ARP cache poisoning of the network between the nodes. Since the V0 engine has been disabled by default since version 0.8.0 and the issue affects only this multi-node configuration, users who still rely on it are advised to run it only on trusted networks. The more secure V1 engine is unaffected and provides a mitigation pathway for vLLM users.
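The weakness the description identifies is that bytes arriving on the SUB socket are handed straight to pickle, whose deserializer resolves and calls any importable object the sender names. The Python example below is added here and is not vLLM code or its fix; it shows the receiving-side check the pickle documentation itself recommends, an Unpickler subclass whose find_class resolves only an allowlisted set of globals. SAFE_GLOBALS, receive_message and the two sample payloads are constructed for this example. It contrasts a benign control message with a pickle that merely references a function by name (json.dumps, chosen because resolving it has no side effect) to show the allowlist refusing the reference before it is resolved, while stock pickle.loads returns the referenced object without complaint.

```python
import io
import json
import pickle
from typing import Any

# Constructed allowlist of (module, name) pairs that a control-plane message
# between inference nodes may legitimately reference. Anything else is refused
# before the unpickler resolves it. Container and scalar types mostly have
# dedicated opcodes and never reach find_class; the allowlist covers the
# cases (older protocols, subclasses) where they are named explicitly.
SAFE_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "tuple"),
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "str"),
    ("builtins", "int"),
    ("builtins", "float"),
    ("builtins", "bool"),
    ("builtins", "bytes"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted globals.

    find_class is consulted for every GLOBAL / STACK_GLOBAL opcode, which is
    the hook a payload uses to name an arbitrary importable callable.
    Refusing unknown names here closes that path.
    """

    def find_class(self, module: str, name: str) -> Any:
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name}: not on allowlist"
        )


def restricted_loads(data: bytes) -> Any:
    """Deserialize with the allowlist enforced (the hardened form)."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def receive_message(payload: bytes) -> tuple[bool, Any]:
    """Simulated SUB-socket receiver. Returns (accepted, value_or_reason)."""
    try:
        return True, restricted_loads(payload)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample payloads, as a publisher on the XPUB side might send them.
BENIGN_MESSAGE = pickle.dumps({"node_id": 1, "status": "ready", "tokens": [1, 2, 3]})
# A pickle that does nothing but name a module-level function. Stock pickle
# resolves the name; the restricted unpickler refuses it.
GLOBAL_REFERENCE = pickle.dumps(json.dumps)


def stock_pickle_resolves_reference() -> bool:
    """Show the unsafe baseline: pickle.loads hands back the named object."""
    return pickle.loads(GLOBAL_REFERENCE) is json.dumps


if __name__ == "__main__":
    print(receive_message(BENIGN_MESSAGE))
    print(receive_message(GLOBAL_REFERENCE))
    print(stock_pickle_resolves_reference())
```

An allowlisting unpickler narrows the attack surface but is not a substitute for removing pickle from the untrusted path: the robust fix is a schema-based format such as JSON or msgpack for inter-node messages, combined with authenticating peers and, as the advisory says, keeping the ZeroMQ traffic on a trusted network.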

Affected Version(s)

vllm >= 0.5.2, <= 0.8.5.post1

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
