Platform
python
Component
vllm
Fixed in
0.11.0
A Server-Side Request Forgery (SSRF) vulnerability, tracked as CVE-2025-6242, has been identified in the multimodal feature set of the vLLM project, specifically in the MediaConnector class. Its load_from_url and load_from_url_async methods do not adequately restrict user-supplied URLs, so an attacker can make the vLLM server issue requests to internal network resources. The vulnerability affects vLLM versions up to and including 0.9.2 and is resolved in version 0.11.0.
The flaw lets an attacker use the vLLM server as a pivot to scan the internal network. By supplying crafted media URLs in a request, the attacker can make the server contact internal services and resources that are not reachable from outside. In containerized deployments such as llm-d, a vLLM pod that accepts attacker-supplied media URLs can be used to enumerate other services in the cluster, which may expose sensitive information or open further exploitation paths. The blast radius is every internal resource the vLLM server's network position can reach, which makes the issue a significant risk to the overall security posture of the environment.
The vulnerability was publicly disclosed on 2025-10-07. At the time of writing there is no indication of active exploitation, and no public proof-of-concept code is available, but SSRF bugs of this kind are simple to trigger, so such code is likely to emerge. The EPSS score recorded for this CVE is 0.05% (15th percentile).
Organizations running vLLM in containerized environments, particularly llm-d deployments, are at the highest risk. Environments with weak network segmentation, where internal services are reachable from the vLLM server, are especially exposed. Any deployment that uses vLLM's multimodal features to fetch external media is directly affected.
• python / llm-d: On a Windows host, locate the running vLLM process and its executable path: Get-Process -Name vLLM | Select-Object -ExpandProperty Path. In a Linux container, compare the vllm package version installed in the pod image against the fixed release 0.11.0 instead.
• python / llm-d: Monitor vLLM logs for unusual outbound network connections or requests to internal IP addresses.
• generic web: Use curl to confirm that the OpenAI-compatible API is exposed, since multimodal chat requests that reference media by URL (for example image_url content parts) are where attacker-supplied URLs reach the MediaConnector: curl http://<vllmserverip>/v1/models
• generic web: Examine egress or proxy logs for requests originating from the vLLM server to internal IP addresses or unexpected domains.
Disclosure
Exploit status
EPSS
0.05% (15th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-6242 is to upgrade to vLLM version 0.11.0 or later, which includes the fix that prevents unauthorized URL requests. If upgrading is not immediately feasible, restrict the server's outbound traffic: an egress proxy or a Kubernetes NetworkPolicy that blocks connections from the vLLM pod to internal address ranges (including loopback, RFC 1918 ranges and the link-local range used by cloud metadata services) limits what an SSRF can reach. Note that a Web Application Firewall in front of the server does not see the server's own outbound requests and therefore cannot filter them. Additionally, restrict network access to the vLLM pod to only the services it needs. If manual patching of the MediaConnector class is attempted, the URL validation should accept only http and https, resolve the hostname and reject every resolved address that falls in a private, loopback or link-local range, and re-apply the same check to any redirect target. After upgrading, confirm that media still loads from a variety of trusted URLs and that a URL pointing at an internal address is refused.
Upgrade to a version of vLLM that fixes the SSRF vulnerability in the MediaConnector class. Consult the release notes and changelogs for details on the corrected version. Implement validation and sanitization of user-supplied URLs to prevent the server from sending requests to unauthorized internal resources.
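The following block is an added example for this page and is not vLLM's MediaConnector code or its actual fix. It shows the two sides discussed above in one place: an SSRF-safe URL check of the kind the mitigation calls for (scheme allow-list, host allow-list, resolution of the hostname with every returned record checked, IPv4-mapped IPv6 unwrapped, and the resolved address pinned for the connection) and a scan over egress-log lines of the kind the detection bullets describe. All function names, the `key=value` log format and every sample address are assumptions made for illustration; the `resolver` argument exists so the check can be exercised without live DNS.

```python
# Added example for this page, not vLLM's MediaConnector code: an SSRF-safe URL check of the kind
# the mitigation calls for, and a scan of egress-log lines of the kind the detection bullets describe.
# Function names, the log format and every sample address below are assumptions made for illustration.
import ipaddress
import re
import socket
from dataclasses import dataclass
from typing import Callable, Iterable, Optional
from urllib.parse import urlsplit

ALLOWED_SCHEMES = frozenset({"http", "https"})
# 100.64.0.0/10 (CGNAT shared space) is excluded from is_private by Python's ipaddress module.
EXTRA_INTERNAL_NETS = (ipaddress.ip_network("100.64.0.0/10"),)
Resolver = Callable[[str], Iterable[str]]  # hostname -> IP address strings


def system_dns(host: str) -> list[str]:
    """Default resolver: every A/AAAA record the system resolver returns."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_internal_address(ip_text: str) -> bool:
    """True for anything an SSRF must never reach: loopback, RFC 1918 / ULA, link-local (which
    includes the 169.254.169.254 cloud metadata endpoint), multicast, reserved and unspecified."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # [::ffff:10.0.0.1] is still 10.0.0.1
    return (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified
            or any(ip in net for net in EXTRA_INTERNAL_NETS))


@dataclass(frozen=True)
class SafeUrl:
    url: str
    host: str
    pinned_ip: str  # connect to this address; a second DNS lookup could be rebound


def validate_media_url(url: str, *, allowed_hosts: Optional[frozenset[str]] = None,
                       resolver: Resolver = system_dns) -> SafeUrl:
    """Raise ValueError unless every address the URL can reach is external."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    if allowed_hosts is not None and host not in allowed_hosts:
        raise ValueError(f"host not in allow-list: {host}")
    try:  # literal IP: no DNS involved, check it directly
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:  # hostname: an attacker's zone can mix 10.0.0.1 into the answer,
        addresses = list(resolver(host))  # so every record must pass, not just the first
    if not addresses:
        raise ValueError(f"host does not resolve: {host}")
    for addr in addresses:
        if is_internal_address(addr):
            raise ValueError(f"{host} resolves to internal address {addr}")
    return SafeUrl(url=url, host=host, pinned_ip=addresses[0])


def is_safe_media_url(url: str, **kwargs) -> bool:
    """Boolean form of validate_media_url for callers that only need accept/reject."""
    try:
        validate_media_url(url, **kwargs)
        return True
    except ValueError:
        return False


# Detection side: constructed egress-proxy log lines in an assumed key=value format.
SAMPLE_EGRESS_LOG = """\
2025-10-08T10:00:01Z src=10.42.0.17 dst=93.184.216.34 url=https://cdn.example.com/cat.png status=200
2025-10-08T10:00:07Z src=10.42.0.17 dst=169.254.169.254 url=http://169.254.169.254/latest/meta-data/ status=200
2025-10-08T10:00:09Z src=10.42.0.17 dst=10.0.0.5 url=http://10.0.0.5:8080/admin status=401
2025-10-08T10:00:12Z src=10.42.0.99 dst=10.0.0.5 url=http://10.0.0.5:8080/health status=200
"""
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) url=(?P<url>\S+) status=\d+$")


def find_internal_egress(log_text: str, vllm_source_ips: frozenset[str]) -> list[tuple[str, str, str]]:
    """Return (timestamp, dst, url) for each request a vLLM pod made to an internal address."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m["src"] in vllm_source_ips and is_internal_address(m["dst"]):
            hits.append((m["ts"], m["dst"], m["url"]))
    return hits


if __name__ == "__main__":
    for ts, dst, url in find_internal_egress(SAMPLE_EGRESS_LOG, frozenset({"10.42.0.17"})):
        print(f"ALERT {ts}: vLLM pod fetched {url} (internal address {dst})")
```

Two things the check alone does not cover, and which the HTTP client that consumes `SafeUrl` has to enforce: it must connect to `pinned_ip` (sending the original host name as Host header and SNI) rather than resolving again, otherwise a DNS rebinding between check and fetch defeats the validation; and it must not follow redirects automatically, because a 302 from an allowed external host to http://169.254.169.254/ is the standard bypass, so every Location target has to go through `validate_media_url` again. The log scan is deliberately tied to the same `is_internal_address` predicate so that prevention and detection disagree about nothing.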
CVE-2025-6242 is a Server-Side Request Forgery (SSRF) vulnerability in vLLM’s multimodal feature, allowing attackers to make unauthorized requests to internal network resources.
You are affected if you are running vLLM version 0.9.2 or earlier. Upgrade to 0.11.0 or later to mitigate the risk.
Upgrade to vLLM version 0.11.0 or later. As a temporary workaround, block outbound connections from the vLLM server to internal address ranges with an egress proxy or network policy.
There is currently no evidence of active exploitation, but the SSRF nature of the vulnerability suggests potential for future attacks.
Refer to the official vLLM project's security advisories and release notes for details: [https://github.com/vllm-project/vllm/security/advisories](https://github.com/vllm-project/vllm/security/advisories)