Critical Vulnerability Information Vulnerability Overview Title: Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration Severity: High (8.0/10) CVE ID: CVE-2025-30165 CVSS v3 Base Metrics: - Attack Vector: Adjacent - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High Affected Scope Affected Package: vllm (pip) Affected Versions: >=0.5.2 Fixed Version: None Description Affected Environment: Only impacts multi-node deployments using the V0 engine, which has been disabled by default since v0.8.0. The issue occurs only in deployments using tensor parallelism across multiple hosts. Impact: In multi-node vLLM deployments using the V0 engine, vLLM uses ZeroMQ for inter-node communication. Secondary vLLM hosts open a SUB ZeroMQ socket and connect to the XPUB socket on the primary vLLM host. Vulnerability Details Code Snippet: - When data is received through the SUB socket, it is deserialized using , which is insecure and may lead to remote code execution. Impact and Risk Exploitation: If the primary vLLM host is compromised, this vulnerability can serve as a foothold to further attack other hosts within the vLLM deployment. Attack Method: Attackers can redirect traffic to malicious endpoints via techniques such as ARP cache poisoning, enabling delivery of arbitrary code for execution on the target machine.