CVE-2025-47277

Опубликовано: 20 мая 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the PyNcclPipe KV cache transfer integration with the V0 engine. No other configurations are affected. vLLM supports the use of the PyNcclPipe class to establish a peer-to-peer communication domain for data transmission between distributed nodes. The GPU-side KV-Cache transmission is implemented through the PyNcclCommunicator class, while CPU-side control message passing is handled via the send_obj and recv_obj methods on the CPU side. The intention was that this interface should only be exposed to a private network using the IP address specified by the --kv-ip CLI parameter. The vLLM documentation covers how this must be limited to a secured network. The default and intentional behavior from PyTorch is that the TCPStore interface listens on ALL interfaces, regardless of what IP address is provided. The IP add

Ссылки

https://docs.vllm.ai/en/latest/deployment/security.html
Technical Description
https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7
Patch
https://github.com/vllm-project/vllm/pull/15988
Issue Tracking
Patch
https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*

Версия от 0.6.5 (включая) до 0.8.5 (исключая)

EPSS

Процентиль: 75%

0.00865

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-502

Связанные уязвимости

CVE-2025-47277

CVSS3: 7.5

redhat

10 месяцев назад

vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `PyNcclPipe` KV cache transfer integration with the V0 engine. No other configurations are affected. vLLM supports the use of the `PyNcclPipe` class to establish a peer-to-peer communication domain for data transmission between distributed nodes. The GPU-side KV-Cache transmission is implemented through the `PyNcclCommunicator` class, while CPU-side control message passing is handled via the `send_obj` and `recv_obj` methods on the CPU side. The intention was that this interface should only be exposed to a private network using the IP address specified by the `--kv-ip` CLI parameter. The vLLM documentation covers how this must be limited to a secured network. The default and intentional behavior from PyTorch is that the `TCPStore` interface listens on ALL interfaces, regardless of what IP address is provided. The IP ...

CVE-2025-47277

CVSS3: 9.8

debian

10 месяцев назад

vLLM, an inference and serving engine for large language models (LLMs) ...

GHSA-hjq4-87xh-g4fv

CVSS3: 9.8

github

10 месяцев назад

vLLM Allows Remote Code Execution via PyNcclPipe Communication Service

BDU:2026-03420

CVSS3: 9.8

fstec

12 месяцев назад

Уязвимость класса PyNcclPipe библиотеки для работы с большими языковыми моделями (LLM) vLLM, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 75%

0.00865

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-502