vLLM Library Arbitrary Code Execution Vulnerability via Unsafe Model Loading

Vulnerability

A vulnerability in the vLLM library, specifically in its model weight loading functionality, allows arbitrary code execution. The library uses the torch.load function to deserialize model weights downloaded from Hugging Face with the weights_only parameter left at its default; in that mode the unpickling process can execute code embedded in a crafted checkpoint. The vulnerability affects vLLM versions through 0.7.0 and has been addressed in version 0.7.0.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the machine running the affected vLLM version.

Reproduction

The vulnerability can be reproduced by loading a malicious model checkpoint from Hugging Face with vLLM's model weight loading function. The loader calls torch.load with weights_only left unset, which is equivalent to weights_only=False, the default behavior.

Remediation

Users can update to vLLM version 0.7.0 or later, where this vulnerability has been fixed.
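The following is an added example, not vLLM's or PyTorch's own code, written to show the mechanism behind the advisory and the shape of the fix. torch.load(..., weights_only=True) restricts which classes an unpickler may import; this example reproduces that idea on top of the standard library's pickle module with a constructed allow-list (only stdlib containers, no tensor helpers), so it runs without torch. It also adds a static opcode scan (pickletools) that lists which globals a checkpoint would import before anything is deserialized, which is the check a defender can run on a downloaded file. PluginConfig, ALLOWED_GLOBALS and the sample checkpoints are constructed for the example.

```python
import io
import pickle
import pickletools
from collections import OrderedDict

# Allow-list of (module, name) pairs a checkpoint may reference. Constructed for this
# example: torch.load(..., weights_only=True) applies the same idea inside torch with an
# allow-list of tensor-rebuild helpers and containers; here only stdlib containers pass.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "tuple"),
}


class WeightsOnlyUnpickler(pickle.Unpickler):
    """Unpickler that refuses to import anything outside ALLOWED_GLOBALS.

    Every class or function a pickle stream references is resolved through
    find_class, so overriding it is the choke point that stops arbitrary code.
    """

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to import {module}.{name} while loading a weights-only checkpoint"
        )


def load_checkpoint(data: bytes, weights_only: bool = True):
    """Deserialize a checkpoint; weights_only=False reproduces the unsafe default."""
    if weights_only:
        return WeightsOnlyUnpickler(io.BytesIO(data)).load()
    return pickle.loads(data)  # unrestricted: any referenced global is imported and called


def referenced_globals(data: bytes):
    """List every module.name a pickle stream would import, without executing it.

    Static walk over the opcode stream (pickletools.genops). String pushes and memo
    lookups are tracked just far enough to resolve the two STACK_GLOBAL operands.
    """
    found, pushed, memo = [], [], {}
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":                        # protocol <= 3: "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":                # protocol 4+: two strings on the stack
            found.append((pushed[-2], pushed[-1]))
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            pushed.append(memo.get(arg))
        elif op.name == "MEMOIZE":
            memo[len(memo)] = pushed[-1] if pushed else None
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = pushed[-1] if pushed else None
        elif isinstance(arg, str):
            pushed.append(arg)
    return found


def is_weights_only(data: bytes) -> bool:
    """True if the stream references nothing outside the allow-list."""
    return all(g in ALLOWED_GLOBALS for g in referenced_globals(data))


class PluginConfig:
    """Constructed stand-in for an arbitrary Python object a weights file should never carry."""

    def __init__(self, value):
        self.value = value


def build_benign_checkpoint() -> bytes:
    """Constructed sample: a state dict of plain numbers, as a weights file should be."""
    return pickle.dumps(OrderedDict([("layer.weight", [0.1, 0.2]), ("layer.bias", [0.0])]))


def build_checkpoint_with_foreign_object() -> bytes:
    """Constructed sample: same layout plus an object whose class must be imported to load."""
    return pickle.dumps(OrderedDict([("layer.weight", [0.1]), ("config", PluginConfig("x"))]))


if __name__ == "__main__":
    for label, blob in [("benign", build_benign_checkpoint()),
                        ("foreign", build_checkpoint_with_foreign_object())]:
        print(label, "references", referenced_globals(blob), "weights-only:", is_weights_only(blob))
        try:
            load_checkpoint(blob, weights_only=True)
            print(label, "loaded with weights_only=True")
        except pickle.UnpicklingError as exc:
            print(label, "rejected:", exc)
```

The unrestricted path accepts both files and instantiates whatever class the second one names; the restricted path loads the first and refuses the second at find_class before any object is built. The static scan gives the same verdict without deserializing at all, which makes it suitable as a pre-load gate in a model download pipeline. In vLLM the equivalent fix is passing weights_only=True to torch.load, as the version named in the advisory does.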

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 7.5
exploitability: 7.0
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.