Platform
python
Component
vllm
Fixed in
0.11.0
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the vLLM project's multimodal feature set, specifically within the MediaConnector class. The load_from_url and load_from_url_async methods fail to adequately restrict user-provided URLs, allowing attackers to force the vLLM server to make requests to internal network resources. This vulnerability impacts versions of vLLM up to and including 0.9.2 and is resolved in version 0.11.0.
The SSRF vulnerability in vLLM allows an attacker to leverage the server to scan the internal network. By crafting malicious URLs, an attacker can instruct the vLLM server to make requests to internal services and resources that would otherwise be inaccessible. In containerized environments like llm-d, a compromised vLLM pod could be used to enumerate internal services, potentially leading to the discovery of sensitive information or further exploitation opportunities. The blast radius extends to any internal resources accessible from the vLLM server, posing a significant risk to the overall security posture of the environment.
This vulnerability was publicly disclosed on 2025-10-07. There is no indication of this vulnerability being actively exploited at the time of writing. The EPSS score is pending evaluation. Public proof-of-concept code is not currently available, but the SSRF nature of the vulnerability makes it likely that such code will emerge.
Organizations deploying vLLM in containerized environments, particularly those utilizing llm-d, are at the highest risk. Environments with lax network segmentation and internal services accessible from the vLLM server are also particularly vulnerable. Users relying on vLLM's multimodal features for processing external media are directly exposed.
• python / llm-d: Get-Process -Name vLLM | Select-Object -ExpandProperty Path
• python / llm-d: Monitor vLLM logs for unusual outbound network connections or requests to internal IP addresses.
• generic web: Use curl to probe for exposed endpoints related to media loading: curl http://<vllmserverip>/media/load
• generic web: Examine access logs for requests originating from the vLLM server to internal IP addresses or unexpected domains.
disclosure
Exploit Status
EPSS
0.05% (15th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-6242 is to upgrade to vLLM version 0.11.0 or later, which includes the necessary fixes to prevent unauthorized URL requests. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) or proxy to filter outbound requests from the vLLM server, blocking requests to internal IP addresses or suspicious domains. Additionally, restrict network access to the vLLM pod to only necessary services. Review and tighten URL validation logic within the MediaConnector class if manual patching is attempted, ensuring that only trusted domains are permitted. After upgrade, confirm functionality by attempting to load media from a variety of trusted URLs.
Upgrade to a vLLM version that has fixed the SSRF vulnerability in the MediaConnector class. Consult the release notes and changelogs for details on the fixed version. Implement validation and sanitization of user-provided URLs to prevent the server from making requests to unauthorized internal resources.
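As an added example (not code from the vLLM project), the following Python check is the kind of URL validation the mitigation guidance above calls for: it enforces an allowlist of media hosts (the host names are hypothetical), resolves every address the host maps to and rejects any that is private, loopback or link-local, including IPv4-mapped IPv6 forms, and returns the vetted addresses so the caller can connect to them directly instead of resolving a second time.

```python
import ipaddress
import socket
from urllib.parse import urlsplit
# Hypothetical allowlist of media hosts; a real deployment substitutes its own.
ALLOWED_MEDIA_HOSTS = {"media.example.com", ".cdn.example.net"}

def _host_allowed(host, allowed):
    # Exact match, or suffix match for entries written with a leading dot.
    return any(host == a or (a.startswith(".") and host.endswith(a)) for a in allowed)

def _is_public(ip):
    # False for loopback, RFC 1918/ULA, link-local (169.254.169.254!), multicast, etc.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped  # ::ffff:10.0.0.1 must be judged as 10.0.0.1
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def resolve_all(host):
    # Default resolver: every A/AAAA answer, not just the first one.
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def validate_media_url(url, allowed=ALLOWED_MEDIA_HOSTS, resolver=resolve_all):
    """Return the public IPs a media URL resolves to, or raise ValueError.
    Callers should connect to a returned IP (keeping the Host header) rather than
    re-resolve, so a DNS answer changed between check and use cannot bypass this."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname  # lower-cased; brackets stripped from IPv6 literals
    if not host or not _host_allowed(host, allowed):
        raise ValueError(f"host not in allowlist: {host!r}")
    try:
        addrs = [ipaddress.ip_address(host)]  # IP literal: no DNS involved
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolver(host)]
    blocked = [str(a) for a in addrs if not _is_public(a)]
    if blocked or not addrs:
        raise ValueError(f"host resolves to non-public address(es): {blocked}")
    return [str(a) for a in addrs]

def is_safe_media_url(url, **kwargs):
    # Boolean convenience wrapper around validate_media_url.
    try:
        validate_media_url(url, **kwargs)
        return True
    except ValueError:
        return False
```

The `resolver` parameter exists so tests can supply constructed DNS answers; in production the default `socket.getaddrinfo`-based resolver is used.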
CVE-2025-6242 is a Server-Side Request Forgery (SSRF) vulnerability in vLLM’s multimodal feature, allowing attackers to make unauthorized requests to internal network resources.
You are affected if you are using vLLM versions 0.9.2 or earlier. Upgrade to 0.11.0 to mitigate the risk.
Upgrade to vLLM version 0.11.0 or later. As a temporary workaround, implement a WAF or proxy to filter outbound requests.
There is currently no evidence of active exploitation, but the SSRF nature of the vulnerability suggests potential for future attacks.
Refer to the official vLLM project's security advisories and release notes for details: [https://github.com/vllm-project/vllm/security/advisories](https://github.com/vllm-project/vllm/security/advisories)