CVE-2025-9141: vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder
An unsafe deserialization vulnerability allows any authenticated user to execute arbitrary code on the server if they are able to get the model to pass the code as an argument to a tool call.
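As an added illustration (not vLLM's code or its patch), here is one way a tool-call parser can turn model-emitted argument text into typed values using data-only parsers, so argument text is never evaluated as code. The function names, the schema layout and the sample inputs are assumptions constructed for this example.

```python
import json

# Added example: names and schema layout are assumptions, not vLLM's API.
_BOOLS = {"true": True, "false": False}

def convert_argument(raw: str, schema_type: str):
    """Turn model-emitted argument text into a typed value without evaluating it."""
    text = raw.strip()
    if schema_type == "string":
        return raw                      # stays inert text, whatever it contains
    if schema_type == "integer":
        return int(text)                # numeric literal only; ValueError otherwise
    if schema_type == "number":
        return float(text)
    if schema_type == "boolean":
        if text.lower() not in _BOOLS:
            raise ValueError(f"not a boolean: {text!r}")
        return _BOOLS[text.lower()]
    if schema_type in ("object", "array"):
        value = json.loads(text)        # data-only parser; JSONDecodeError is a ValueError
        expected = dict if schema_type == "object" else list
        if not isinstance(value, expected):
            raise ValueError(f"expected {schema_type}, got {type(value).__name__}")
        return value
    raise ValueError(f"unsupported schema type: {schema_type!r}")

def parse_tool_arguments(raw_args: dict, properties: dict) -> dict:
    """Convert every argument per the tool's declared schema; reject undeclared names."""
    parsed = {}
    for name, raw in raw_args.items():
        if name not in properties:
            raise ValueError(f"undeclared parameter: {name!r}")
        parsed[name] = convert_argument(raw, properties[name]["type"])
    return parsed

# Constructed sample: a tool schema and argument text as a model might emit it.
SCHEMA = {"path": {"type": "string"}, "limit": {"type": "integer"},
          "filters": {"type": "object"}}
BENIGN = {"path": "src/app.py", "limit": " 20 ", "filters": '{"ext": ["py"]}'}
# An expression where an integer is expected: evaluating it would compute 1024.
EXPRESSION = {"path": "src/app.py", "limit": "2**10"}

def is_rejected(raw_args: dict) -> bool:
    """True when the arguments fail schema-typed conversion."""
    try:
        parse_tool_arguments(raw_args, SCHEMA)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print(parse_tool_arguments(BENIGN, SCHEMA))
    print("expression rejected:", is_rejected(EXPRESSION))
```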