CVE-2025-32444
Published: 2025-04-30
Priority: P2 · 64 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.48% (70.7th percentile)
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were set to listen on all network interfaces, increasing the likelihood that an attacker is able to reach the vulnerable ZeroMQ sockets to carry out an attack. vLLM instances that do not make use of the mooncake integration are not vulnerable. This issue has been patched in version 0.8.5.
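To illustrate why pickle-based serialization over an unauthenticated socket amounts to remote code execution, here is a minimal, harmless sketch using only the Python standard library. The `Demo` class is hypothetical and is not taken from vLLM or mooncake; it only shows that `pickle.loads` runs whatever callable the sender recorded in the byte stream.

```python
import operator
import pickle


class Demo:
    """Stand-in for attacker-controlled data; the class name is hypothetical."""

    def __reduce__(self):
        # pickle stores "call operator.add(40, 2)" as the recipe for
        # rebuilding this object. An attacker would name a dangerous
        # callable here instead of a harmless one.
        return (operator.add, (40, 2))


payload = pickle.dumps(Demo())

# The receiver does not get a Demo instance back; loads() simply
# executes the recorded call and returns its result.
result = pickle.loads(payload)
print(result)  # prints 42
```

Because the call happens during deserialization itself, validating the object after `pickle.loads` returns is too late; the bytes must come from a trusted peer or be decoded with a format that cannot express calls.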
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vllm-project | vllm | — | — |
| vllm | vllm | >= 0 < a5450f11c95847cf51a17207af9a3ca5ab569b2c | a5450f11c95847cf51a17207af9a3ca5ab569b2c |
| vllm | vllm | >= 0.6.5 < 0.8.5 | 0.8.5 |
| vllm | vllm | >= 0.6.5 < 0.8.5 | 0.8.5 |
Detection & IOCs (extracted from sources)
- Detect pickle-based deserialization over ZeroMQ sockets in the vLLM mooncake integration. The vulnerable sockets listen on all network interfaces (0.0.0.0), which makes them reachable over the network for unauthenticated RCE.
- Monitor for ZeroMQ socket bindings to 0.0.0.0 in vLLM processes, especially when the mooncake integration is active; this is the exposed attack surface for CVE-2025-32444.
- Scope detection to vLLM versions 0.6.5 through 0.8.4 with the mooncake integration enabled; instances without mooncake are not vulnerable.
- Alert on inbound network connections to ZeroMQ ports on vLLM hosts from unexpected or external sources, particularly where pickle deserialization is performed on received data.
- Only vLLM instances using the mooncake integration are vulnerable; vLLM without mooncake is not affected.
- RHEL-AI packages are confirmed not affected because they do not include Mooncake.
- No mitigation short of patching is available; upgrade to vLLM 0.8.5 or later to remediate.
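The scoping rule in the list above (versions from 0.6.5 up to but not including 0.8.5, and only with mooncake in use) can be sketched as a small triage helper. This is an illustration under stated assumptions: the function names are hypothetical, the caller is assumed to already know whether the mooncake integration is enabled, and only the leading numeric release is compared.

```python
import re

AFFECTED_FROM = (0, 6, 5)  # first affected release, per the advisory
FIXED_IN = (0, 8, 5)       # first patched release, per the advisory


def release_tuple(version: str) -> tuple:
    """Extract the leading numeric release, e.g. '0.8.4.post1' -> (0, 8, 4)."""
    match = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", version)
    if match is None:
        raise ValueError(f"unrecognized version string: {version!r}")
    return tuple(int(part or 0) for part in match.groups())


def in_scope(version: str, uses_mooncake: bool) -> bool:
    """Return True if this deployment falls in the advisory's affected range."""
    if not uses_mooncake:
        # The advisory states that instances without mooncake are not vulnerable.
        return False
    return AFFECTED_FROM <= release_tuple(version) < FIXED_IN


print(in_scope("0.8.4", uses_mooncake=True))   # prints True
print(in_scope("0.8.5", uses_mooncake=True))   # prints False
print(in_scope("0.7.3", uses_mooncake=False))  # prints False
```

Pre-release and development builds (for example a release candidate of 0.8.5) are not distinguished by this sketch; it is safer to treat them as in scope until the presence of the fix commit is verified.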
CVSS provenance
- nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- vendor_redhat · 10.0 CRITICAL
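As a worked check of the NVD figure, the sketch below recomputes the base score from the vector using the CVSS v3.1 base equations and metric weights. It is deliberately limited to Scope: Unchanged vectors, which is what the NVD vector uses; the function names are illustrative.

```python
import math

# Metric weights from the CVSS v3.1 specification (Scope: Unchanged only).
WEIGHTS = {
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2},
    "AC": {"L": 0.77, "H": 0.44},
    "PR": {"N": 0.85, "L": 0.62, "H": 0.27},
    "UI": {"N": 0.85, "R": 0.62},
    "C": {"H": 0.56, "L": 0.22, "N": 0.0},
    "I": {"H": 0.56, "L": 0.22, "N": 0.0},
    "A": {"H": 0.56, "L": 0.22, "N": 0.0},
}


def roundup(value: float) -> float:
    """Round up to one decimal place using the spec's integer-based method."""
    scaled = round(value * 100000)
    if scaled % 10000 == 0:
        return scaled / 100000.0
    return (math.floor(scaled / 10000) + 1) / 10.0


def base_score(vector: str) -> float:
    """Compute the CVSS 3.1 base score for a Scope: Unchanged vector."""
    parts = dict(item.split(":") for item in vector.split("/"))
    if parts.get("CVSS") != "3.1" or parts.get("S") != "U":
        raise ValueError("this sketch only handles CVSS 3.1 vectors with S:U")
    w = {name: WEIGHTS[name][parts[name]] for name in WEIGHTS}
    iss = 1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"])
    impact = 6.42 * iss
    exploitability = 8.22 * w["AV"] * w["AC"] * w["PR"] * w["UI"]
    if impact <= 0:
        return 0.0
    return roundup(min(impact + exploitability, 10))


print(base_score("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"))  # prints 9.8
```

For this vector the impact sub-score is about 5.87 and the exploitability sub-score about 3.89; their sum, roughly 9.76, rounds up to 9.8.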
OSV
CVE-2025-32444: vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs
osv·2025-04-30
OSV
vLLM Vulnerable to Remote Code Execution via Mooncake Integration
osv·2025-04-29
CVE-2025-32444 [CRITICAL] vLLM Vulnerable to Remote Code Execution via Mooncake Integration
## Impacted Deployments
**Note that vLLM instances that do NOT make use of the mooncake integration are NOT vulnerable.**
## Description
vLLM integration with mooncake is vulnerable to remote code execution due to using `pickle`-based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were set to listen on all network interfaces, increasing the likelihood that an attacker is able to reach the vulnerable ZeroMQ sockets to carry out an attack.
This is similar to [GHSA-x3m8-f7g5-qhm7](https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7). The problem is in
https://github.com/vllm-project/vllm/blob/32b14baf8a1f7195ca09484de3008063569b43c5/vllm/distributed/kv_transfer/kv_pi
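The "listen on all network interfaces" condition described above can be checked against a ZeroMQ bind endpoint string when auditing configuration or logs. The following is a rough sketch: the helper name and the example endpoints are hypothetical and are not taken from the vLLM source. It relies only on the documented ZeroMQ TCP endpoint form `tcp://interface:port`, where `*` denotes all interfaces.

```python
# Addresses that mean "every interface" in a TCP bind endpoint.
WILDCARD_HOSTS = {"*", "0.0.0.0", "::", "[::]"}


def binds_all_interfaces(endpoint: str) -> bool:
    """Return True if a ZeroMQ TCP bind endpoint uses a wildcard address."""
    scheme, sep, rest = endpoint.partition("://")
    if sep == "" or scheme.lower() != "tcp":
        # ipc://, inproc:// and similar transports are not network listeners.
        return False
    host, sep, _port = rest.rpartition(":")
    if sep == "":
        return False  # no port separator, so not a well-formed TCP endpoint
    return host in WILDCARD_HOSTS


for example in ("tcp://*:5555", "tcp://0.0.0.0:5555", "tcp://127.0.0.1:5555"):
    print(example, binds_all_interfaces(example))
```

A `False` result only means the bind is not a wildcard; an endpoint bound to a specific routable address or interface name can still be reachable by an attacker on that network.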
GHSA
vLLM Vulnerable to Remote Code Execution via Mooncake Integration
ghsa·2025-04-29
CVE-2025-32444 [CRITICAL] CWE-502 vLLM Vulnerable to Remote Code Execution via Mooncake Integration
Red Hat
vllm: vLLM Vulnerable to Remote Code Execution via Mooncake Integration
vendor_redhat·2025-04-30·CVSS 10.0
CVE-2025-32444 [CRITICAL] CWE-502 vllm: vLLM Vulnerable to Remote Code Execution via Mooncake Integration
A flaw was found in the vllm component. The affected versions of vllm having vLLM integration with mooncake are vulnerable to re
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://github.com/vllm-project/vllm/blob/32b14baf8a1f7195ca09484de3008063569b43c5/vllm/distributed/kv_transfer/kv_pipe/mooncake_pipe.py#L179
- https://github.com/vllm-project/vllm/commit/a5450f11c95847cf51a17207af9a3ca5ab569b2c
- https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5
- https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7
Published: 2025-04-30