CVE-2025-32444: vLLM Vulnerable to Remote Code Execution via Mooncake Integration
(updated )
vLLM integration with mooncake is vaulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were set to listen on all network interfaces, increasing the likelihood that an attacker is able to reach the vulnerable ZeroMQ sockets to carry out an attack.
This is a similar to GHSA - x3m8 - f7g5 - qhm7, the problem is in
References
- github.com/advisories/GHSA-hj4w-hm2g-p6w5
- github.com/vllm-project/vllm
- github.com/vllm-project/vllm/blob/32b14baf8a1f7195ca09484de3008063569b43c5/vllm/distributed/kv_transfer/kv_pipe/mooncake_pipe.py
- github.com/vllm-project/vllm/commit/a5450f11c95847cf51a17207af9a3ca5ab569b2c
- github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5
- github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7
- nvd.nist.gov/vuln/detail/CVE-2025-32444
Code Behaviors & Features
Detect and mitigate CVE-2025-32444 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →