AVID-2026-R1692

Description

vLLM Vulnerable to Remote Code Execution via Mooncake Integration (CVE-2025-32444)

Details

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were set to listen on all network interfaces, increasing the likelihood that an attacker is able to reach the vulnerable ZeroMQ sockets to carry out an attack. vLLM instances that do not make use of the mooncake integration are not vulnerable. This issue has been patched in version 0.8.5.

Reason for inclusion in AVID: The report describes a targeted security vulnerability in a software component (vLLM) used to deploy and serve AI models. It enables remote code execution via insecure deserialization (CWE-502) over network sockets when Mooncake integration is used, directly impacting AI serving stacks. It is a software supply-chain issue (model-serving/runtime/component in AI pipelines) and not hardware/firmware-only. Patch details and references are provided, including affected versions and mitigation.

References

• NVD entry
• https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5
• https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7
• https://github.com/vllm-project/vllm/commit/a5450f11c95847cf51a17207af9a3ca5ab569b2c
• https://github.com/vllm-project/vllm/blob/32b14baf8a1f7195ca09484de3008063569b43c5/vllm/distributed/kv_transfer/kv_pipe/mooncake_pipe.py#L179

Affected or Relevant Artifacts

• Developer: vllm-project
• Deployer: vllm-project
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2025-04-30
• Version: 0.3.3
• AVID Entry