- Description
- vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5 that use the vLLM integration with Mooncake are vulnerable to remote code execution because they use pickle-based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were set to listen on all network interfaces, increasing the likelihood that an attacker is able to reach them and carry out an attack. vLLM instances that do not make use of the Mooncake integration are not vulnerable. This issue has been patched in version 0.8.5.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-502
#Vulnerability #AIInfrastructure CVE-2025-32444 (CVSS 10): Critical RCE Flaw in vLLM’s Mooncake Integration Exposes AI Infrastructure https://t.co/EwtIFpo6Gf
@Komodosec
24 Jun 2025
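[Deep Research] A serious vulnerability has been discovered in the large language model inference engine "vLLM". In particular, CVE-2025-32444 and CVE-2025-29783, which exist in the integration of the distributed processing feature "Mooncake", are remote code execution (RCE)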
@96thetruth96
20 May 2025
🚨Critical LLM Security Alert + AI Security Tool Recommendation 🎯 vLLM faces a critical vulnerability (CVE-2025-32444), CVSS 10/10! The Mooncake component's unsafe deserialization exposes Remote Code Execution (RCE) risks, impacting versions v0.6.5+. Immediate upgrade to v0
@AnneFranke51728
8 May 2025
CVE-2025-32444 (CVSS:10.0, CRITICAL) is Awaiting Analysis. vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and p..https://t.co/Ox99oJfXGV #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
5 May 2025
Threat Alert: CVE-2025-32444 (CVSS 10): Critical RCE Flaw in vLLM's Mooncake Integration Expos CVE-2025-32444 Severity: 🔴 High Maturity: 💢 Emerging Learn more: https://t.co/cCseACragl #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
2 May 2025
CVE-2025-32444 (CVSS 10): Critical RCE Flaw in vLLM’s Mooncake Integration Exposes AI Infrastructure https://t.co/hEeVyaKRnz #appsec
@eyalestrin
1 May 2025
CVE-2025-32444 04/30/2025 01:15:51 AM BaseSeverity: CRITICAL vLLM is a high-throughput and memory-efficient inference and serving engin... https://t.co/btxl8SdyAG
@CVETracker
30 Apr 2025
🚨 CVE-2025-32444 ⚠️🔴 CRITICAL (10) 🏢 vllm-project - vllm 🏗️ >= 0.6.5, < 0.8.5 🔗 https://t.co/bVOr1FYkYn 🔗 https://t.co/1RiULZyZbq 🔗 https://t.co/gQLRpJxCfq 🔗 https://t.co/RYkBsTu1QJ #CyberCron #VulnAlert #InfoSec https://t.co/aI7oKlgE1N
@cybercronai
30 Apr 2025
CVE-2025-32444 - vLLM (pip) pickle based serialization over unsecured ZeroMQ sockets. With a full CVSS 10 Score 🤯🚨 Affected versions: >=0.6.5 Patched version: v0.8.5. https://t.co/m4MGwsjSOz https://t.co/o4HKSsRffa
@gothburz
30 Apr 2025
CVE-2025-32444: Remote Code Execution Vulnerability in vLLM Mooncake Integration https://t.co/A347Cr5ETM
@_cvereports
30 Apr 2025
CVE-2025-32444 Remote Code Execution in vLLM 0.6.5 to 0.8.4 via Insecure ZeroMQ Sockets https://t.co/NjDBcQezuB
@VulmonFeeds
30 Apr 2025
CVE-2025-32444 vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mo… https://t.co/fWcUIXO4un
@CVEnew
30 Apr 2025
[CVE-2025-32444: CRITICAL] Attention: Remote code execution vulnerability patched in vLLM versions 0.8.5. Ensure you update to stay secure. #CyberSecurity #PatchUpdate#cve,CVE-2025-32444,#cybersecurity https://t.co/XeZDj6Xyjd https://t.co/cewQ3fDITm
@CveFindCom
30 Apr 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24BAE45E-0FCF-4E74-953A-88F12E093C0F",
            "versionEndExcluding": "0.8.5",
            "versionStartIncluding": "0.6.5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]