CVE-2025-47277: Deserialization of Untrusted Data in vLLM

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.9% (top 24.86%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: see Affected Packages below
Timeline: Published May 20

Description

vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `PyNcclPipe` KV cache transfer integration with the V0 engine. No other configurations are affected. vLLM supports the use of the `PyNcclPipe` class to establish a peer-to-peer communication domain for data transmission between distributed nodes. The GPU-side KV-Cache transmission is implemented through the `PyNcclCommunicator` class, while

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

Source      Package             Introduced   Fixed
NVD         vllm/vllm           0.6.5        0.8.5
PyPI        vllm/vllm           0.6.5        0.8.5
CVEListV5   vllm-project/vllm   >= 0.6.5, < 0.8.5

Patches

Vulnerability Details (2)

OSV: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service (2025-05-20)
GHSA: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service (2025-05-20)

Vendor Advisories (1)

Red Hat: vllm: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service (2025-05-20)