CVE-2024-9053

Published: Mar 20, 2025Modified: Oct 15, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functionality run_server_loop() calls the function _make_handler_coro(), which directly uses cloudpickle.loads() on received messages without any sanitization. This can result in remote code execution by deserializing malicious pickle data.

Affected (1)

Products: Vllm Project: Vllm

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vllm Project Vllm	Version 0.6.0

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (1)

https://huntr.com/bounties/75a544f3-34a3-4da0-b5a3-1495cb031e09

Source: security@huntr.dev

ExploitThird Party Advisory

Timeline

No history available yet.