cbcvebase.
CVE-2025-32444
published 2025-04-30

Priority: P264
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.48% (70.7th percentile)
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were set to listen on all network interfaces, increasing the likelihood that an attacker is able to reach the vulnerable ZeroMQ sockets to carry out an attack. vLLM instances that do not make use of the mooncake integration are not vulnerable. This issue has been patched in version 0.8.5.

Affected (4 ranges)

Vendor         Product   Version range                                         Fixed in
vllm-project   vllm      (not specified)                                       (not specified)
vllm           vllm      >= 0 < a5450f11c95847cf51a17207af9a3ca5ab569b2c      a5450f11c95847cf51a17207af9a3ca5ab569b2c
vllm           vllm      >= 0.6.5 < 0.8.5                                      0.8.5
vllm           vllm      >= 0.6.5 < 0.8.5                                      0.8.5

Detection & IOCs (extracted from sources)

  • Detect pickle-based deserialization over ZeroMQ sockets in the vLLM mooncake integration; the vulnerable sockets listen on all network interfaces (0.0.0.0), making them network-reachable for unauthenticated RCE
  • Monitor for ZeroMQ socket bindings to 0.0.0.0 in vLLM processes, especially when the mooncake integration is active; this is the exposed attack surface for CVE-2025-32444
  • Scope detection to vLLM versions 0.6.5 through 0.8.4 with mooncake integration enabled; instances without mooncake are not vulnerable
  • Alert on inbound network connections to ZeroMQ ports on vLLM hosts from unexpected or external sources, particularly where pickle deserialization is performed on received data
  • Only vLLM instances using the mooncake integration are vulnerable; vLLM without mooncake is NOT affected
  • RHEL-AI packages are confirmed not affected because they do not include Mooncake
  • No mitigation short of patching is available; upgrade to vLLM 0.8.5 or later to remediate

CVSS provenance

NVD (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Red Hat (vendor): 10.0 CRITICAL