PyPi: Vllm

CVE-2025-29783

Safety vulnerability ID: 76301

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 19, 2025 Updated at Apr 06, 2025

Scan your Python projects for vulnerabilities →

Advisory

When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP will allow attackers to execute remote code on distributed hosts.

Affected package

vllm

Latest version: 0.8.3

A high-throughput and memory-efficient inference and serving engine for LLMs

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/advisories/GHSA-x3m8-f7g5-qhm7
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29783

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application