VYPR
High severityNVD Advisory· Published Jan 27, 2025· Updated Feb 12, 2025

vLLM allows a malicious model RCE by torch.load in hf_model_weights_iterator

CVE-2025-24357

Description

vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weights_only parameter defaults to False. When torch.load loads malicious pickle data, it will execute arbitrary code during unpickling. This vulnerability is fixed in v0.7.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
vllmPyPI
< 0.7.00.7.0

Affected products

6

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.