CVE-2025-30202: 
Chainguard vulnerability analysis and mitigation

vLLM (a high-throughput and memory-efficient inference and serving engine for LLMs) versions from 0.5.2 to prior to 0.8.5 were found to contain a vulnerability affecting multi-node vLLM deployments. The vulnerability, identified as CVE-2025-30202, involves denial of service and data exposure risks via ZeroMQ, discovered and disclosed on April 29, 2025 (GitHub Advisory).

In a multi-node vLLM deployment, the primary vLLM host opens an XPUB ZeroMQ socket and binds it to ALL interfaces. While the socket is always opened for multi-node deployment, it is only used during tensor parallelism across multiple hosts. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (GitHub Advisory, Wiz).

Any client with network access to the host can connect to the XPUB socket unless blocked by a firewall. Once connected, these arbitrary clients can receive all data broadcasted to secondary vLLM hosts, though this data consists of internal vLLM state information not useful to attackers. More critically, by connecting multiple times and not reading published data, attackers can cause denial of service by slowing down or potentially blocking the publisher (GitHub Advisory).

The vulnerability has been patched in version 0.8.5. For users unable to update immediately, two workarounds are available: 1) Do not expose the vLLM host to networks where untrusted connections may reach the host, or 2) Ensure that only other vLLM hosts can connect to the TCP port used for the XPUB socket, noting that the port used is random (GitHub Advisory).