Vulnerability Details CVE-2025-29783
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces will allow attackers to execute remote code on distributed hosts. This is a remote code execution vulnerability impacting any deployments using Mooncake to distribute KV across distributed hosts. This vulnerability is fixed in 0.8.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 72.1%
CVSS Severity
CVSS v3 Score 9.0
References
Products affected by CVE-2025-29783
-
cpe:2.3:a:vllm:vllm:0.6.5
-
cpe:2.3:a:vllm:vllm:0.6.6
-
cpe:2.3:a:vllm:vllm:0.7.0
-
cpe:2.3:a:vllm:vllm:0.7.1
-
cpe:2.3:a:vllm:vllm:0.7.2
-
cpe:2.3:a:vllm:vllm:0.7.3