Remote Code Execution Vulnerability in vLLM by vllm Project
CVE-2025-66448

7.1 HIGH

Key Information:

Status
Vendor
CVE Published: 1 December 2025

What is CVE-2025-66448?

vLLM, an inference and serving engine for large language models, contains a significant vulnerability in versions prior to 0.11.1. The issue is in the configuration class Nemotron_Nano_VL_Config, which exposes a remote code execution risk when it loads a model configuration that carries an auto_map entry. Even with the trust_remote_code setting set to False, loading such a configuration causes vLLM to automatically fetch and execute Python code hosted in a remote repository, so a malicious model repository can run attacker-controlled code on the serving host. Users are advised to upgrade to version 0.11.1 to mitigate this risk.
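The defensive check that the advisory says was missing is a pre-load gate: before a model configuration is handed to any loader, inspect it for auto_map entries and refuse to proceed when trust_remote_code is False. The following is an added example written for this page; it is not vLLM project code and does not reproduce the vulnerable class. It assumes the Hugging Face transformers config.json layout, in which an auto_map value names a Python class to import dynamically as "module.Class", or, following the transformers convention, as "org/repo--module.Class" when the code lives in a different repository; values may also be lists (tokenizer/processor entries) that can contain null. The sample configuration embedded at the bottom is constructed for the example and names no real model.

```python
"""Pre-load guard for Hugging Face style model configs (added example, not vLLM code).

Assumes the transformers config.json layout: an optional "auto_map" object whose
values reference Python classes as "module.Class" or "org/repo--module.Class".
"""
import json
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class AutoMapFinding:
    key: str                   # e.g. "AutoConfig", "AutoModel"
    reference: str             # raw auto_map value
    remote_repo: Optional[str]  # set when the reference points at another repo
    module: str
    class_name: str


def parse_auto_map_reference(ref: str) -> Tuple[Optional[str], str, str]:
    """Split an auto_map value into (repo, module, class).

    "org/repo--modeling_x.XModel" -> ("org/repo", "modeling_x", "XModel")
    "modeling_x.XModel"           -> (None, "modeling_x", "XModel")
    """
    repo = None
    if "--" in ref:
        repo, ref = ref.split("--", 1)
    module, _, cls = ref.rpartition(".")
    return repo, module, cls


def inspect_auto_map(config: dict) -> List[AutoMapFinding]:
    """Collect every dynamic-code reference in the config's auto_map (if any)."""
    findings: List[AutoMapFinding] = []
    auto_map = config.get("auto_map") or {}
    for key, value in auto_map.items():
        refs = value if isinstance(value, (list, tuple)) else [value]
        for ref in refs:
            if ref is None:  # tokenizer/processor entries may carry null slots
                continue
            repo, module, cls = parse_auto_map_reference(str(ref))
            findings.append(AutoMapFinding(key, str(ref), repo, module, cls))
    return findings


def check_config_load(config: dict, trust_remote_code: bool = False) -> Tuple[bool, List[str]]:
    """Return (allowed, messages).

    With trust_remote_code=False, any auto_map entry is a hard refusal: the
    loader must never import code from the model repo or a third-party repo.
    With trust_remote_code=True the load is allowed, and the messages list what
    would be imported so the operator can log or review it.
    """
    findings = inspect_auto_map(config)
    if not findings:
        return True, []
    if trust_remote_code:
        return True, [f"auto_map[{f.key}] imports {f.reference}" for f in findings]
    reasons = []
    for f in findings:
        where = f"remote repo {f.remote_repo}" if f.remote_repo else "the model repo itself"
        reasons.append(
            f"auto_map[{f.key}] would import {f.module}.{f.class_name} from {where} "
            "while trust_remote_code=False; refusing to load"
        )
    return False, reasons


# Constructed sample config for the example; it does not describe any real model.
SAMPLE_CONFIG = json.loads("""{
  "architectures": ["ExampleForCausalLM"],
  "model_type": "example",
  "auto_map": {
    "AutoConfig": "configuration_example.ExampleConfig",
    "AutoModel": "someorg/some-repo--modeling_example.ExampleModel",
    "AutoTokenizer": ["tokenization_example.ExampleTokenizer", null]
  }
}""")

if __name__ == "__main__":
    allowed, messages = check_config_load(SAMPLE_CONFIG, trust_remote_code=False)
    print("allowed:", allowed)
    for m in messages:
        print(" -", m)
```

Such a gate belongs in front of every code path that turns a config into a class, not only the generic loader; the advisory describes exactly a model-specific configuration class that bypassed the generic setting. Logging the findings even on the trusted path gives an audit trail of which repositories supplied executable code.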

Affected Version(s)

vllm < 0.11.1

References

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
