CVE-2025-29783
📋 TL;DR
CVE-2025-29783 is a remote code execution vulnerability in vLLM when configured with Mooncake for distributed key-value storage. Attackers can exploit unsafe deserialization over ZMQ/TCP to execute arbitrary code on distributed hosts. This affects any vLLM deployment using Mooncake across distributed systems.
💻 Affected Systems
- vLLM
📦 What is this software?
Vllm by Vllm
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of all distributed vLLM hosts, allowing attackers to execute arbitrary code, steal sensitive data, pivot to other systems, and disrupt LLM inference services.
Likely Case
Remote code execution leading to data exfiltration, service disruption, and potential lateral movement within the distributed vLLM environment.
If Mitigated
Limited impact if network segmentation and proper access controls prevent external access to vulnerable interfaces.
🎯 Exploit Status
Exploitation requires network access to the vulnerable ZMQ/TCP interface but no authentication. The unsafe deserialization pattern is well-known and easily weaponizable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.8.0
Vendor Advisory: https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7
Restart Required: Yes
Instructions:
1. Upgrade vLLM to version 0.8.0 or later using pip: pip install "vllm>=0.8.0" (keep the quotes; unquoted, the shell treats >= as an output redirection)
2. Restart all vLLM services and Mooncake components
3. Verify the fix by checking version and testing functionality
🔧 Temporary Workarounds
Network Segmentation
Linux: Restrict network access to vLLM Mooncake interfaces using firewall rules
iptables -A INPUT -p tcp --dport [MOONCAKE_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
iptables -A INPUT -p tcp --dport [MOONCAKE_PORT] -j DROP
Disable Mooncake
All platforms: Temporarily disable Mooncake configuration if not essential for operations
Modify vLLM configuration to remove Mooncake settings or use local KV storage
🧯 If You Can't Patch
- Implement strict network segmentation to isolate vLLM Mooncake interfaces from untrusted networks
- Deploy intrusion detection systems to monitor for deserialization attacks on Mooncake ports
🔍 How to Verify
Check if Vulnerable:
Check the vLLM version with python -c "import vllm; print(vllm.__version__)" and verify whether Mooncake is enabled in the configuration
Check Version:
python -c "import vllm; print(vllm.__version__)"
Verify Fix Applied:
Confirm vLLM version is 0.8.0 or later and test Mooncake functionality remains operational
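The version check above, as an added example (not code from the vLLM project or the advisory): it compares a reported version against 0.8.0 numerically, so that strings such as 0.10.0, 0.7.3+cu118 or 0.8.0rc1 are classified correctly. The function names are hypothetical, and treating pre-release builds of 0.8.0 as unpatched is a conservative assumption; it does not inspect whether Mooncake is enabled.

```python
import re
from importlib import metadata

FIXED = (0, 8, 0)  # patch version given in the advisory summary above

# Numeric release segment, then an optional pre-release/dev marker.
# Post-releases (.postN) and local tags (+cu118) are deliberately not matched.
_VERSION_RE = re.compile(
    r"^v?(?P<release>\d+(?:\.\d+)*)(?P<pre>[._-]?(?:a|b|rc|dev)\.?\d*)?",
    re.IGNORECASE,
)


def parse_version(text):
    """Return (release_tuple, is_prerelease) for a PEP 440-style string."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    release = tuple(int(part) for part in m.group("release").split("."))
    release += (0,) * (len(FIXED) - len(release))  # "0.8" -> (0, 8, 0)
    return release, m.group("pre") is not None


def is_vulnerable(version_text):
    """True when the version predates 0.8.0.

    Assumption: pre-release and dev builds of 0.8.0 itself are treated as
    unpatched, since they may have been cut before the fix landed.
    """
    release, is_pre = parse_version(version_text)
    return release < FIXED or (release == FIXED and is_pre)


def installed_vllm_version():
    """Version of the vllm package in this environment, or None if absent."""
    try:
        return metadata.version("vllm")
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    found = installed_vllm_version()
    if found is None:
        print("vllm is not installed in this environment")
    else:
        state = "VULNERABLE (< 0.8.0)" if is_vulnerable(found) else "patched"
        print(f"vllm {found}: {state}")
```

Run it with the same interpreter that launches the vLLM service on each distributed host, since virtual environments on one machine can carry different versions.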
📡 Detection & Monitoring
Log Indicators:
- Unusual deserialization errors in vLLM logs
- Unexpected process spawns from vLLM services
- Connection attempts to Mooncake ports from unauthorized sources
Network Indicators:
- Unusual ZMQ/TCP traffic patterns to vLLM Mooncake ports
- Deserialization payloads in network traffic
- Connection spikes to distributed vLLM hosts
SIEM Query:
source="vllm.logs" AND ("deserialization" OR "mooncake" OR "zmq") AND severity=ERROR