GHSA-ggpf-24jw-3fcw: CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0
https://github.com/vllm-project/vllm/security/advisories/GHSA-rh4j-5rhw-hr54 reported a vulnerability where loading a malicious model could result in code execution on the vLLM host. The fix, which was to specify weights_only=True in calls to torch.load(), did not solve the problem prior to PyTorch 2.6.0.
PyTorch has issued a new CVE about this problem: https://github.com/advisories/GHSA-53q9-r3pm-6pq6
This means that versions of vLLM using PyTorch before 2.6.0 are vulnerable to this problem.
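A version gate for the condition described above, as an added example that is not code from vLLM or PyTorch: it flags PyTorch versions before 2.6.0 in a pip freeze style listing and gives a runtime check to call with torch.__version__ before loading an untrusted checkpoint. The function names and the sample listing are constructed for illustration, and treating 2.6.0 pre-releases and nightlies as affected is an assumption.

```python
import re

# First PyTorch release the advisory treats as unaffected.
FIXED_TORCH = (2, 6, 0)

_RELEASE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)(.*)$")
# Pre-release / dev markers: "2.6.0rc1", "2.6.0.dev20241112", "2.6.0a0+git...".
_PRE = re.compile(
    r"^[.\-_]?(?:a|b|c|rc|alpha|beta|pre|preview|dev)[.\-_]?\d*(?:$|[.+\-_])", re.I)


def parse_release(version):
    """Return ((major, minor, patch, ...), is_prerelease) for a version string."""
    m = _RELEASE.match(version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * max(0, 3 - len(release))  # "1.13" -> (1, 13, 0)
    return release, bool(_PRE.match(m.group(2).strip()))


def torch_is_affected(version):
    """True when `version` is before PyTorch 2.6.0 (local tags like +cu121 ignored)."""
    release, pre = parse_release(version)
    if release[:3] != FIXED_TORCH:
        return release[:3] < FIXED_TORCH
    # Assumption: pre-releases and nightlies of 2.6.0 count as "before 2.6.0".
    return pre


def require_fixed_torch(version):
    """Runtime guard: pass torch.__version__ before torch.load() on untrusted files."""
    if torch_is_affected(version):
        raise RuntimeError(
            f"PyTorch {version} is before 2.6.0: weights_only=True does not "
            "make torch.load() safe for untrusted model files")


def audit_freeze(freeze_text):
    """Return the affected torch pins found in `pip freeze`-style text."""
    findings = []
    for line in freeze_text.splitlines():
        m = re.match(r"^\s*torch\s*==\s*([^\s;#]+)", line, re.I)
        if m and torch_is_affected(m.group(1)):
            findings.append(m.group(1))
    return findings


# Constructed sample input, not taken from a real environment.
SAMPLE_FREEZE = "numpy==1.26.4\ntorch==2.5.1+cu121\ntorchvision==0.20.1\n"
```
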