Platform
python
Component
vllm
Fixed in
0.11.2
0.11.1
CVE-2025-66448 describes a critical Remote Code Execution (RCE) vulnerability affecting vllm versions up to 0.9.2. This flaw allows attackers to execute arbitrary code on systems running vulnerable vllm instances by manipulating model configuration files. The vulnerability stems from the way vllm handles dynamic module resolution, bypassing security measures intended to prevent remote code execution. A fix is available in version 0.11.1.
The impact of this vulnerability is severe. An attacker can achieve remote code execution simply by providing a specially crafted model configuration file to a vulnerable vllm instance. This allows them to gain complete control over the affected system, potentially leading to data theft, system compromise, and further lateral movement within the network. The ability to bypass the trustremotecode=False setting significantly increases the attack surface and makes exploitation easier. This vulnerability shares similarities with other remote code execution flaws where dynamic code loading is mishandled, potentially allowing attackers to inject malicious code into the application's runtime environment.
This vulnerability was publicly disclosed on 2025-12-02. The CVSS score is 7.1 (HIGH). The presence of a clear attack vector and the ability to bypass security settings suggest a medium probability of exploitation. No public proof-of-concept (PoC) code has been publicly released as of the disclosure date, but the vulnerability's nature makes it likely that one will emerge. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.21% (42% percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to upgrade to vllm version 0.11.1 or later, which addresses the vulnerability. If upgrading immediately is not feasible, consider implementing strict input validation on model configuration files to prevent the inclusion of malicious auto_map entries. While not a complete solution, this can reduce the attack surface. Monitor vllm logs for suspicious activity related to dynamic module loading or unexpected Python code execution. Implement network segmentation to limit the potential blast radius if a system is compromised. After upgrading, verify the fix by attempting to load a known malicious configuration file and confirming that it is rejected or handled safely.
Actualice la biblioteca vLLM a la versión 0.11.1 o superior. Esto corrige la vulnerabilidad de ejecución remota de código. Puede actualizar usando `pip install vllm==0.11.1` o una versión más reciente.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-66448 is a Remote Code Execution vulnerability in vllm versions up to 0.9.2. It allows attackers to execute arbitrary code by crafting malicious model configuration files.
You are affected if you are running vllm versions 0.9.2 or earlier. Check your vllm version using pip show vllm.
Upgrade to vllm version 0.11.1 or later. If immediate upgrade is not possible, implement strict input validation on model configuration files.
While no public exploits are currently known, the vulnerability's ease of exploitation suggests a potential for active exploitation.
Refer to the vllm project's official security advisories and release notes on their GitHub repository: [https://github.com/vllm-project/vllm](https://github.com/vllm-project/vllm)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.