The vulnerability resides in the tensor deserialization process within vLLM’s entrypoints/renderer.py at line 148.
When processing user-supplied prompt embeddings, the system loads serialized tensors using torch.load() without adequate validation checks.
A change introduced in PyTorch 2.8.0 disabled sparse tensor integrity checks by default, creating an attack vector for malicious actors.
Without proper validation, attackers can craft tensors that bypass internal bounds checks, triggering an out-of-bounds memory write during the to_dense() conversion.
This memory corruption can cause the vLLM server to crash and potentially enable arbitrary code execution within the server process.
| Attribute | Details |
|---|---|
| CVE ID | CVE-2025-62164 |
| Severity | High |
| CVSS Score | 8.8/10 |
| Affected Product | vLLM (pip) |
| Affected Versions | ≥ 0.10.2 |
This vulnerability affects all deployments running vLLM as a server, particularly those deserializing untrusted or model-provided payloads.
Any user with API access can exploit this flaw to achieve denial-of-service conditions and potentially gain remote code execution capabilities.
The attack requires no special privileges, making it accessible to both authenticated and unauthenticated users, depending on the API configuration.
Organizations using vLLM in production environments, cloud deployments, or shared infrastructure face significant risk, as successful exploitation could compromise the entire server and adjacent systems.
The vLLM project has addressed this vulnerability in pull request #27204. Users should immediately upgrade to the patched version.
As a temporary mitigation, administrators should restrict API access to trusted users only and implement input validation layers that inspect prompt embeddings before they reach the vLLM processing pipeline.
The vulnerability was discovered and responsibly disclosed by the AXION Security Research Team, highlighting the importance of coordinated vulnerability disclosure in the AI infrastructure ecosystem.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post vLLM Vulnerability Enables Remote Code Execution Via Malicious Payloads appeared first on Cyber Security News.
A new weekend has arrived, and today, you can save big on Apple AirTags, 4K…
Director Joe Russo has confirmed the upcoming Avengers: Endgame re-release will include new footage that…
Cooperative pirate survival game Windrose has reached 1 million copies sold less than a week…
The space in the heart of Franklin’s downtown, a former department store, excited Patrick McDevitt…
Two years ago, Sue Prentiss got a sobering reality check at her doctor’s office. The…
The space in the heart of Franklin’s downtown, a former department store, excited Patrick McDevitt…
This website uses cookies.