CVE-2025-47277

CRITICAL EPSS 56.0%
Published May 20, 20251y ago · Modified Jun 17, 20261w ago
9.8 CVSS 3.1
Critical
Find Similar
Published May 20, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `PyNcclPipe` KV cache transfer integration with the V0 engine. No other configurations are affected. vLLM supports the use of the `PyNcclPipe` class to establish a peer-to-peer communication domain for data transmission between distributed nodes. The GPU-side KV-Cache transmission is implemented through the `PyNcclCommunicator` class, while CPU-side control message passing is handled via the `send_obj` and `recv_obj` methods on the CPU side.​ The intention was that this interface should only be exposed to a private network using the IP address specified by the `--kv-ip` CLI parameter. The vLLM documentation covers how this must be limited to a secured network. The default and intentional behavior from PyTorch is that the `TCPStore` interface listens on ALL interfaces, regardless of what IP address is provided. The IP address given was only used as a client-side address to use. vLLM was fixed to use a workaround to force the `TCPStore` instance to bind its socket to a specified private interface. As of version 0.8.5, vLLM limits the `TCPStore` socket to the private interface as configured.

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
56.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-502 Deserialization of Untrusted Data Validation

Affected Products 1

VendorProductVersionRange
vllmvllm*≥0.6.5  –  <0.8.5

References 4

  • docs.vllm.ai https://docs.vllm.ai/en/latest/deployment/security.html
    Technical Description
  • github.com https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7
    Patch
  • github.com https://github.com/vllm-project/vllm/pull/15988
    Issue TrackingPatch
  • github.com https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv
    ExploitVendor Advisory

Remediation

  • github.com https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7
    Patch
  • github.com https://github.com/vllm-project/vllm/pull/15988
    Issue TrackingPatch