CVE-2025-29783
published 2025-03-19


Priority: P3 (56)  Severity: critical  CVSS 3.1 base score: 9.0
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.82% (52.6th percentile)
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake to move KV cache between distributed hosts, the receiving side deserializes data that arrives over ZMQ/TCP without validation, and that listener binds to all network interfaces. Anyone who can reach the port can therefore execute arbitrary code on the receiving host. This is a remote code execution vulnerability affecting any deployment that uses Mooncake to distribute KV across hosts; deployments that do not use Mooncake are not affected. Fixed in vLLM 0.8.0.
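The pattern behind this advisory, as an added example that is not vLLM or Mooncake code: a frame read off the network socket is handed to a general-purpose object deserializer, so the sender chooses what runs on the receiver. The page does not name the deserializer; the example assumes Python's pickle, which has exactly this failure mode. The function names, the JSON-plus-raw-bytes wire format used as the hardened replacement, and the harmless `echo` standing in for a real payload are all constructed for illustration. ZMQ itself is left out so the block runs without pyzmq; the frame bytes are what would arrive on the socket.

```python
"""Added example (not vLLM/Mooncake code): the unsafe receive pattern the
advisory describes, a minimal pickle payload that exploits it, and a
fixed-schema replacement whose decoder can only ever yield bytes.
Assumption: the deserializer is pickle; the page does not say."""
import io
import json
import pickle
import struct
import subprocess


class PoisonedTensor:
    """Attacker-controlled object. Unpickling it does not rebuild a tensor;
    it calls the callable named in __reduce__ (a harmless echo here, but
    any importable callable would do)."""

    def __reduce__(self):
        return (subprocess.check_output, (["echo", "pwned"],))


def attacker_payload() -> bytes:
    """Bytes an attacker sends to the listener bound on tcp://*:<port>."""
    return pickle.dumps(PoisonedTensor())


def recv_tensor_vulnerable(frame: bytes):
    """The vulnerable pattern: socket frame straight into pickle.loads.
    Returns whatever the attacker's callable returned, i.e. the command
    already ran on this host by the time this function returns."""
    return pickle.loads(frame)


class NoGlobalsUnpickler(pickle.Unpickler):
    """Defense in depth only: refuses every global lookup, so reduce-based
    payloads cannot name a callable. It also cannot rebuild real tensor
    objects, which is why a format change, not a pickle wrapper, is the fix."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing global {module}.{name}")


def recv_tensor_restricted(frame: bytes):
    return NoGlobalsUnpickler(io.BytesIO(frame)).load()


# Hardened wire format (constructed for this example): 4-byte big-endian
# header length, JSON header {dtype, shape, nbytes}, then raw element bytes.
HEADER_LEN = struct.Struct("!I")
MAX_HEADER = 4096
ELEMENT_SIZE = {"float16": 2, "bfloat16": 2, "float32": 4}  # dtype allow-list


def encode_tensor(dtype: str, shape: list, data: bytes) -> bytes:
    header = json.dumps({"dtype": dtype, "shape": shape, "nbytes": len(data)}).encode()
    return HEADER_LEN.pack(len(header)) + header + data


def decode_tensor(frame: bytes, max_bytes: int = 1 << 30):
    """Strict parse: every field is checked before any size is trusted, and
    the only thing produced is (dtype, shape, bytes). Nothing is executed."""
    if len(frame) < HEADER_LEN.size:
        raise ValueError("truncated frame")
    (hlen,) = HEADER_LEN.unpack_from(frame)
    if hlen > MAX_HEADER or len(frame) < HEADER_LEN.size + hlen:
        raise ValueError("bad header length")
    try:
        header = json.loads(frame[HEADER_LEN.size:HEADER_LEN.size + hlen])
    except ValueError as exc:  # JSONDecodeError and UnicodeDecodeError
        raise ValueError("header is not JSON") from exc
    if not isinstance(header, dict):
        raise ValueError("header is not an object")
    dtype, shape, nbytes = header.get("dtype"), header.get("shape"), header.get("nbytes")
    if dtype not in ELEMENT_SIZE:
        raise ValueError("dtype not allowed")
    if not (isinstance(shape, list) and all(type(d) is int and d >= 0 for d in shape)):
        raise ValueError("bad shape")
    expected = ELEMENT_SIZE[dtype]
    for d in shape:
        expected *= d
    if type(nbytes) is not int or nbytes != expected or nbytes > max_bytes:
        raise ValueError("nbytes does not match dtype and shape")
    data = frame[HEADER_LEN.size + hlen:]
    if len(data) != nbytes:
        raise ValueError("payload length mismatch")
    return dtype, tuple(shape), data


if __name__ == "__main__":
    print(recv_tensor_vulnerable(attacker_payload()))  # b'pwned\n': the echo ran
```

Fed the same attacker bytes, `decode_tensor` rejects them at the header-length check (the first four bytes of a pickle stream do not form a plausible length), and `recv_tensor_restricted` refuses the global lookup before any callable is resolved. Neither replaces the upgrade to 0.8.0; the second point a deployment should take from the advisory is the bind address, since a listener on all interfaces turns every reachable network into the attack surface.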

Affected

4 ranges

Vendor        Product  Version range                                        Fixed in
vllm-project  vllm
vllm          vllm     >= 0 < 288ca110f68d23909728627d3100e5a8db820aa2     288ca110f68d23909728627d3100e5a8db820aa2
vllm          vllm     >= 0.6.5 < 0.8.0                                     0.8.0
vllm          vllm     >= 0.6.5 < 0.8.0                                     0.8.0

Detection & IOCs (extracted from sources)

  • Detect deserialization traffic reaching the ZMQ/TCP listener that Mooncake-enabled vLLM deployments expose on all network interfaces
  • Flag vLLM deployments configured to use Mooncake for KV distribution across hosts as high-risk for RCE via deserialization
  • Monitor for unexpected inbound ZMQ/TCP connections to vLLM distributed hosts, especially from untrusted network sources; because the listener binds to all interfaces, every network the host is attached to is attack surface
  • The vulnerability only affects vLLM deployments where Mooncake integration is enabled for KV distribution; deployments without Mooncake are not affected
  • RHEL-AI packages are confirmed not affected because Mooncake is not included in that distribution
  • The vulnerability is fixed in vLLM 0.8.0; unpatched versions below this are vulnerable when Mooncake is in use
  • One source offers "making fields transient to protect them from deserialization" as a possible mitigation short of patching. That is generic advice for object-graph deserializers and does not translate to this code path, where the deserializer itself is the problem; the mitigations the rest of this page supports are upgrading to 0.8.0, not enabling Mooncake, and keeping the ZMQ/TCP listener unreachable from untrusted networks

CVSS provenance

NVD (CVSS v3.1): 9.0 CRITICAL  CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vendor (Red Hat): 9.0 CRITICAL