CVE-2025-24357 | vLLM up to 0.6.x weight_utils.py weights_only deserialization

Inserito da Angelo Barbosa | Gen 27, 2025 | CVE

A vulnerability, which was classified as problematic, has been found in vLLM up to 0.6.x. Affected by this issue is some unknown functionality of the file vllm/model_executor/weight_utils.py. The manipulation of the argument weights_only leads to deserialization.

This vulnerability is handled as CVE-2025-24357. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-24357 | vLLM up to 0.6.x weight_utils.py weights_only deserialization

Post correlati

CVE-2023-6891 | PeaZip 9.4.0 Library dragdropfilesdll.dll uncontrolled search path

CVE-2024-38366 | CocoaPods injection

CVE-2024-21204 | Oracle MySQL Server up to 8.4.0/9.0.1 PS denial of service

CVE-2024-39573 | Apache HTTP Server up to 2.4.59 mod_rewrite server-side request forgery