
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-29783 affects vLLM (versions >=0.6.5 and <0.8.0), a high-throughput and memory-efficient inference and serving engine for Large Language Models (LLMs). The vulnerability was discovered and disclosed on March 19, 2025, and involves unsafe deserialization in the Mooncake integration component (NVD, Security Advisory).
The vulnerability stems from unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces when vLLM is configured to use Mooncake. The core issue is that the recv_tensor() function calls _recv_impl and passes the raw network bytes to pickle.loads() for deserialization. The Mooncake pipe is exposed over the network using ZMQ over TCP, with the interface defined as self.receiver_socket.connect(f"tcp://{d_host}:{d_rank_offset + 1}"). The vulnerability has received a CVSS v3.1 base score of 9.0 (Critical) (Security Advisory).
This vulnerability allows attackers to execute code remotely on distributed hosts. The impact is particularly severe because it affects any deployment that uses Mooncake to distribute KV across distributed hosts. The vulnerability has been classified as critical due to its potential for remote code execution and the lack of network controls or authentication mechanisms to prevent arbitrary users from sending malicious payloads to the affected service (Security Advisory).
The vulnerability has been fixed in vLLM version 0.8.0. The fix involves replacing the unsafe pickle serialization with safetensors in the Mooncake Pipe implementation. Users are strongly advised to upgrade to version 0.8.0 or later to address this security issue (GitHub Commit).
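The difference between the two serialization approaches, as an added example (not vLLM's code and not the safetensors library): a static check shows that a pickle stream can carry import/call opcodes that run during loading, while a simplified data-only frame decoder only ever parses a length, a JSON header and raw bytes. The frame layout, dtype allow-list, size limit and function names are assumptions made for this illustration.

```python
import json, math, pickle, pickletools, struct
from collections import OrderedDict

# Opcodes that make a pickle stream import or call objects while loading.
CODE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                "NEWOBJ", "NEWOBJ_EX", "BUILD"}
DTYPE_SIZES = {"F16": 2, "F32": 4, "I64": 8}   # assumed dtype allow-list
MAX_HEADER = 1 << 20                            # assumed header size limit

def pickle_code_opcodes(data: bytes) -> set:
    """List import/call opcodes in a pickle stream without loading it."""
    return {op.name for op, _arg, _pos in pickletools.genops(data)} & CODE_OPCODES

def encode_tensor(dtype: str, shape: list, raw: bytes) -> bytes:
    """Frame = u64 little-endian header length + JSON header + raw bytes."""
    header = json.dumps({"dtype": dtype, "shape": shape}).encode()
    return struct.pack("<Q", len(header)) + header + raw

def decode_tensor(frame: bytes):
    """Parse a frame as data only; malformed input raises ValueError."""
    if len(frame) < 8:
        raise ValueError("frame shorter than length prefix")
    (hlen,) = struct.unpack_from("<Q", frame)
    if hlen > MAX_HEADER or 8 + hlen > len(frame):
        raise ValueError("implausible header length")
    try:
        header = json.loads(frame[8:8 + hlen])
    except (ValueError, RecursionError) as exc:
        raise ValueError("header is not valid JSON") from exc
    if not isinstance(header, dict):
        raise ValueError("header must be a JSON object")
    dtype, shape = header.get("dtype"), header.get("shape")
    if not isinstance(dtype, str) or dtype not in DTYPE_SIZES:
        raise ValueError("dtype not allowed")
    if not isinstance(shape, list) or not all(
            type(d) is int and d >= 0 for d in shape):
        raise ValueError("shape must be a list of non-negative ints")
    raw = frame[8 + hlen:]
    if len(raw) != DTYPE_SIZES[dtype] * math.prod(shape):
        raise ValueError("payload size does not match dtype and shape")
    return dtype, shape, raw

def constructed_pickle() -> bytes:
    """Constructed benign sample: a pickled OrderedDict (needs import + call)."""
    return pickle.dumps(OrderedDict(layer=0))
```

The decoder never resolves names or calls anything supplied by the sender, so a pickle stream handed to it is rejected as a malformed frame.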
The vulnerability has garnered significant attention in the security community, particularly due to vLLM's popularity with over 43,000 stars on GitHub. The discovery prompted immediate action from the development team, resulting in a critical security patch (Security Online).
Source: This report was generated using AI