CVE-2025-47277
Chainguard vulnerability analysis and mitigation

Overview

CVE-2025-47277 is a critical vulnerability discovered in vLLM (versions 0.6.5 through 0.8.4), a high-performance inference and serving engine for large language models (LLMs). The vulnerability specifically affects environments using the PyNcclPipe KV cache transfer integration with the V0 engine. Disclosed on May 20, 2025, it has been assigned a CVSS score of 9.8, indicating critical severity. The issue involves the PyNcclPipe class implementation, which is used for KV cache transfer between distributed nodes using peer-to-peer messaging (Wiz Security, GitHub Advisory).

Technical details

The vulnerability exists in the PyNcclPipe class implementation, which passes client-provided data directly to pickle.loads, resulting in unsafe deserialization. The exposure stems from the default behavior of PyTorch's TCPStore interface, which listens on all interfaces regardless of the IP address provided through the --kv-ip CLI parameter. That IP address was used only as a client-side address, contrary to the intended security model, in which the interface should be exposed only to a private network (GitHub Advisory, Security Guide).

Impact

The vulnerability enables remote code execution (RCE), allowing attackers to execute arbitrary system commands on the host and potentially gain full control of the server. This poses a significant risk to the confidentiality, integrity, and availability of affected systems. The CVSS score of 9.8 reflects the critical nature of this vulnerability, with high impact ratings across the confidentiality, integrity, and availability metrics (Wiz Security, GitHub Advisory).

Mitigation and workarounds

The vulnerability has been patched in vLLM version 0.8.5, which implements a workaround that forces the TCPStore instance to bind its socket to a specified private interface. Users are strongly advised to update to this version immediately. Those unable to update should deploy vLLM nodes on a dedicated, isolated network and implement appropriate firewall rules to prevent unauthorized access. Additionally, the KV cache transfer in the V0 engine is considered experimental and is not recommended for production environments (GitHub Advisory, Security Guide).
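
One way to check a node for the exposure described above, as an added example that is not code from vLLM or from this advisory: it parses Linux `ss -ltnH` output and flags a KV-transfer port that is listening on all interfaces instead of the address given to --kv-ip. The sample output, the addresses and port 14579 are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed `ss -ltnH` output; addresses and port 14579 are placeholders.
SAMPLE_SS = """\
LISTEN 0 128  0.0.0.0:14579    0.0.0.0:*
LISTEN 0 128  10.0.0.5:8000    0.0.0.0:*
LISTEN 0 4096 [::]:22          [::]:*
LISTEN 0 128  127.0.0.53%lo:53 0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (address, port) for every LISTEN row of `ss -ltnH` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        # Drop IPv6 brackets and any %interface scope suffix.
        yield addr.strip("[]").split("%")[0], int(port)

def audit_kv_listener(ss_output, kv_ip, kv_port):
    """Return findings for kv_port listeners that are not bound to kv_ip only."""
    expected = ipaddress.ip_address(kv_ip)
    findings = []
    for addr, port in parse_listeners(ss_output):
        if port != kv_port:
            continue
        if addr == "*" or ipaddress.ip_address(addr).is_unspecified:
            findings.append(
                f"port {port} bound to all interfaces ({addr}); expected {kv_ip}")
        elif ipaddress.ip_address(addr) != expected:
            findings.append(f"port {port} bound to {addr}; expected {kv_ip}")
    return findings

if __name__ == "__main__":
    for finding in audit_kv_listener(SAMPLE_SS, "10.0.0.5", 14579):
        print("FINDING:", finding)
```

On a real node, pass the captured output of `ss -ltnH` together with the values actually configured for the KV transfer address and port.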

This report was generated using AI.
