CVE-2024-9053
published 2025-03-20CVE-2024-9053: vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functionality run_server_loop() calls…
PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.27%
66.3th percentile
vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functionality run_server_loop() calls the function _make_handler_coro(), which directly uses cloudpickle.loads() on received messages without any sanitization. This can result in remote code execution by deserializing malicious pickle data.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vllm-project | vllm | — | — |
| vllm-project | vllm-project_vllm | unspecified – latest | — |
| vllm | vllm | 0 – 0.6.0 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unsafe deserialization via cloudpickle.loads() on untrusted network data in vllm's AsyncEngineRPCServer — monitor for calls to cloudpickle.loads() processing data received from RPC entrypoints in run_server_loop()/_make_handler_coro() ↗
- →Focus detection on the AsyncEngineRPCServer() RPC server entrypoints in vllm version 0.6.0 as the attack surface for malicious pickle payload delivery ↗
- →Alert on remote code execution attempts via deserialization of untrusted/malicious pickle data sent to the vLLM AsyncEngineRPCServer ↗
- ·No mitigation is currently available from Red Hat Product Security that meets ease-of-use, deployment, applicability, or stability criteria ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_redhat9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints
ghsa·2025-03-20
CVE-2024-9053 [CRITICAL] CWE-502 vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints
vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints
vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functionality run_server_loop() calls the function _make_handler_coro(), which directly uses cloudpickle.loads() on received messages without any sanitization. This can result in remote code execution by deserializing malicious pickle data.
OSV
vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints
osv·2025-03-20
CVE-2024-9053 [CRITICAL] vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints
vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints
vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functionality run_server_loop() calls the function _make_handler_coro(), which directly uses cloudpickle.loads() on received messages without any sanitization. This can result in remote code execution by deserializing malicious pickle data.
Red Hat
vllm: Remote Code Execution in vllm-project/vllm
vendor_redhat·2025-03-20·CVSS 9.8
CVE-2024-9053 [CRITICAL] CWE-78 vllm: Remote Code Execution in vllm-project/vllm
vllm: Remote Code Execution in vllm-project/vllm
vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functionality run_server_loop() calls the function _make_handler_coro(), which directly uses cloudpickle.loads() on received messages without any sanitization. This can result in remote code execution by deserializing malicious pickle data.
A flaw was found in the vLLM AsyncEngineRPCServer. This vulnerability allows remote code execution via deserialization of untrusted data.
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Pac
No detection rules found.
No public exploits indexed.
2025-03-20
Published