CRITICAL 9.8

PYSEC-2025-222

Details

vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functionality run_server_loop() calls the function _make_handler_coro(), which directly uses cloudpickle.loads() on received messages without any sanitization. This can result in remote code execution by deserializing malicious pickle data.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / vllm

Introduced in: 0

No fixed version published yet for vllm (pip). Pin to a known-safe version or switch to an alternative.

References

https://huntr.com/bounties/75a544f3-34a3-4da0-b5a3-1495cb031e09 [EVIDENCE]