vllm-Project vllm Remote Code Execution Vulnerability via Deserialization in AsyncEngineRPCServer

Vulnerability

A remote code execution vulnerability exists in vllm-project vllm version 0.6.0 within the AsyncEngineRPCServer RPC server entrypoints. The issue arises because the core functionality, run_server_loop(), calls the _make_handler_coro() function, which directly applies cloudpickle.loads() to received messages without any form of sanitization. This lack of validation allows for the deserialization of malicious pickle data, leading to remote code execution.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where vllm-project vllm 0.6.0 is running.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

10.0

exploitability

8.4

remediation

0.0

relevance

0.0

threat

6.6

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

10.0

exploitability

8.4

remediation

0.0

relevance

0.0

threat

6.6

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

vllm-Project vllm Remote Code Execution Vulnerability via Deserialization in AsyncEngineRPCServer

Vulnerability

Impact

Affected Products

vllm-project vllm

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating