Vulnerability Details CVE-2025-24357
vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weights_only parameter defaults to False. When torch.load loads malicious pickle data, it will execute arbitrary code during unpickling. This vulnerability is fixed in v0.7.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.3%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2025-24357
-
cpe:2.3:a:vllm:vllm:0.1.0
-
cpe:2.3:a:vllm:vllm:0.1.1
-
cpe:2.3:a:vllm:vllm:0.1.2
-
cpe:2.3:a:vllm:vllm:0.1.3
-
cpe:2.3:a:vllm:vllm:0.1.4
-
cpe:2.3:a:vllm:vllm:0.1.5
-
cpe:2.3:a:vllm:vllm:0.1.6
-
cpe:2.3:a:vllm:vllm:0.1.7
-
cpe:2.3:a:vllm:vllm:0.2.0
-
cpe:2.3:a:vllm:vllm:0.2.1
-
cpe:2.3:a:vllm:vllm:0.2.2
-
cpe:2.3:a:vllm:vllm:0.2.3
-
cpe:2.3:a:vllm:vllm:0.2.4
-
cpe:2.3:a:vllm:vllm:0.2.5
-
cpe:2.3:a:vllm:vllm:0.2.6
-
cpe:2.3:a:vllm:vllm:0.2.7
-
cpe:2.3:a:vllm:vllm:0.3.0
-
cpe:2.3:a:vllm:vllm:0.3.1
-
cpe:2.3:a:vllm:vllm:0.3.2
-
cpe:2.3:a:vllm:vllm:0.3.3
-
cpe:2.3:a:vllm:vllm:0.4.0
-
cpe:2.3:a:vllm:vllm:0.4.1
-
cpe:2.3:a:vllm:vllm:0.4.2
-
cpe:2.3:a:vllm:vllm:0.4.3
-
cpe:2.3:a:vllm:vllm:0.5.0
-
cpe:2.3:a:vllm:vllm:0.5.1
-
cpe:2.3:a:vllm:vllm:0.5.2
-
cpe:2.3:a:vllm:vllm:0.5.3
-
cpe:2.3:a:vllm:vllm:0.5.4
-
cpe:2.3:a:vllm:vllm:0.5.5
-
cpe:2.3:a:vllm:vllm:0.6.0
-
cpe:2.3:a:vllm:vllm:0.6.1
-
cpe:2.3:a:vllm:vllm:0.6.2
-
cpe:2.3:a:vllm:vllm:0.6.3
-
cpe:2.3:a:vllm:vllm:0.6.4
-
cpe:2.3:a:vllm:vllm:0.6.5
-
cpe:2.3:a:vllm:vllm:0.6.6