CVE-2025-29783
Published: 19 March 2025
Summary
CVE-2025-29783 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Vllm Vllm. Its CVSS base score is 9.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 15.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as NLP and Transformers; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).
Deeper analysis
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs that becomes vulnerable when configured to use Mooncake for distributing KV caches across hosts. The flaw stems from unsafe deserialization of data received directly over ZMQ/TCP on all network interfaces, classified under CWE-502, and enables remote code execution on the affected distributed hosts. The issue impacts any deployment relying on Mooncake and carries a CVSS 3.1 score of 9.0; it was fixed in version 0.8.0.
An attacker with low-privileged access on an adjacent network segment can send crafted serialized payloads over the exposed ZMQ/TCP channel. Successful exploitation grants the ability to execute arbitrary code on the remote hosts participating in the Mooncake-based KV distribution, potentially compromising the confidentiality, integrity, and availability of the LLM serving infrastructure.
The referenced GitHub security advisory, pull request, and commit indicate that the fix is delivered by upgrading to vLLM 0.8.0, which removes the unsafe deserialization path for Mooncake traffic.
The component is used in LLM inference environments, making the vulnerability relevant to AI/ML deployments that rely on distributed KV caching.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6725
Vulnerability details
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces will allow attackers to execute remote code on distributed hosts. This…
more
is a remote code execution vulnerability impacting any deployments using Mooncake to distribute KV across distributed hosts. This vulnerability is fixed in 0.8.0.
- CWE(s)
AI Security AnalysisAI
- AI Category
- NLP and Transformers
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: llms, vllm
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a network-exposed unsafe deserialization vulnerability in vLLM (via ZMQ/TCP on all interfaces) that directly enables remote code execution with adjacent network access, mapping to exploitation of remote services for code execution on the target hosts.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Flaw remediation requires timely patching of the unsafe deserialization vulnerability fixed in vLLM 0.8.0, directly preventing RCE exploitation.
Information input validation at system entry points detects and rejects untrusted deserialized data over ZMQ/TCP, blocking CWE-502 attacks.
Boundary protection monitors and controls network communications to block unauthorized adjacent access to the exposed ZMQ/TCP interfaces.