CVE-2025-30202

Data exposure via ZeroMQ on multi-node vLLM deployment

CVSS 7.5 HIGH · EPSS 0.5% · CWE-770
In short

vLLM versions from 0.5.2 up to and including 0.8.4 (fixed in 0.8.5) bind an unauthenticated ZeroMQ XPUB socket to all network interfaces on the primary host of a multi-node deployment. Anyone who can reach that port can connect, receive the internal state messages that are broadcast to the secondary hosts, and, by opening many connections and never reading what is published to them, slow down or block the publisher (denial of service).

Technical detail

In a multi-node deployment the primary vLLM host binds a ZeroMQ XPUB socket to all interfaces with no authentication (ZeroMQ sockets carry no security mechanism unless one is configured). Any client with network access to the port can connect as a subscriber and receives the same internal state data broadcast to the secondary hosts. The official description notes that this data is not useful to an attacker, and the CVSS vector scores confidentiality impact as none, so the practical impact is availability (CWE-770, allocation of resources without limits): a client that opens many connections and never reads the published messages can slow down or block the publisher. The socket is opened for every multi-node deployment, but it is only used when tensor parallelism spans multiple hosts. Exploitation requires network access to the ZeroMQ port on the primary host; blocking that port with a firewall prevents it, and version 0.8.5 fixes it.

Summary generated and translated by AI from the official description.

Official description

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ on multi-node vLLM deployment.

In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-node communication purposes. The primary vLLM host opens an XPUB ZeroMQ socket and binds it to ALL interfaces. While the socket is always opened for a multi-node deployment, it is only used when doing tensor parallelism across multiple hosts. Any client with network access to this host can connect to this XPUB socket unless its port is blocked by a firewall. Once connected, these arbitrary clients will receive all of the same data broadcasted to all of the secondary vLLM hosts. This data is internal vLLM state information that is not useful to an attacker.

By potentially connecting to this socket many times and not reading data published to them, an attacker can also cause a denial of service by slowing down or potentially blocking the publisher. This issue has been patched in version 0.8.5.
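The exposure described in the technical detail and the official description comes down to one question for an operator: does the primary host's ZeroMQ port answer to arbitrary clients, and with no security mechanism? The probe below is an added example written for this page; it is not vLLM code and it does not subscribe to or read vLLM's traffic. It only exchanges the ZMTP greeting, which is enough to tell whether a TCP port speaks ZeroMQ and which mechanism the peer advertises. It assumes the ZMTP 3.x greeting layout from the public ZMTP specification (64 octets: signature 10, version 2, mechanism 20, as-server 1, filler 31), and the host and port are supplied by the caller, since the advisory does not name the port vLLM uses. The fake listener in the block is a constructed stand-in so the probe can run offline.

```python
"""Probe for an exposed, unauthenticated ZeroMQ listener (ZMTP 3.x).

Added example for this advisory; not vLLM code. Assumptions: the ZMTP 3.x
greeting layout from the public ZMTP spec; host and port come from the caller.
"""
import socket
import threading

GREETING_LEN = 64


def build_greeting(mechanism: bytes = b"NULL", as_server: bool = False, minor: int = 1) -> bytes:
    """Build a ZMTP 3.x greeting advertising the given security mechanism."""
    if len(mechanism) > 20:
        raise ValueError("mechanism name longer than 20 octets")
    signature = b"\xff" + b"\x00" * 8 + b"\x7f"      # 0xFF, 8 padding octets, 0x7F
    version = bytes([3, minor])                      # major 3, minor 0 or 1
    mech = mechanism.ljust(20, b"\x00")              # NULL, PLAIN, CURVE, ... zero-padded
    flag = b"\x01" if as_server else b"\x00"
    return signature + version + mech + flag + b"\x00" * 31


def parse_greeting(data: bytes):
    """Return (major, minor, mechanism, as_server), or None if data is not a ZMTP 3.x greeting."""
    if len(data) < GREETING_LEN or data[0] != 0xFF or data[9] != 0x7F:
        return None
    major, minor = data[10], data[11]
    if major != 3:
        return None
    mechanism = data[12:32].rstrip(b"\x00").decode("ascii", errors="replace")
    return major, minor, mechanism, data[32] == 1


def is_unauthenticated(greeting) -> bool:
    """True when the peer advertises the NULL mechanism, i.e. no authentication at all."""
    return greeting is not None and greeting[2] == "NULL"


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes, or fewer if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def probe_zmq(host: str, port: int, timeout: float = 3.0):
    """Connect, send our greeting, read the peer's; None if unreachable or not ZMTP."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_greeting())
            peer = _recv_exact(s, GREETING_LEN)
    except OSError:
        return None
    return parse_greeting(peer)


def start_fake_listener(mechanism: bytes = b"NULL", host: str = "127.0.0.1") -> int:
    """Constructed stand-in for the exposed socket, so the probe can run offline.

    Speaks just enough ZMTP to answer one greeting; returns the port it bound.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            _recv_exact(conn, GREETING_LEN)          # consume the client's greeting
            conn.sendall(build_greeting(mechanism))
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def demo(mechanism: bytes = b"NULL"):
    """Run the probe against the fake listener and return the parsed greeting."""
    port = start_fake_listener(mechanism)
    return probe_zmq("127.0.0.1", port)


if __name__ == "__main__":
    g = demo()
    print("greeting:", g, "| unauthenticated:", is_unauthenticated(g))
```

Run `probe_zmq(primary_host, port)` from a machine that should not be trusted by the cluster: a NULL-mechanism greeting coming back from a non-loopback address means the socket is reachable exactly as the advisory describes, and the remedy is to upgrade to 0.8.5 or firewall the port. The probe stops at the greeting on purpose: the ZeroMQ socket type (XPUB) is only announced in the READY command that follows, and subscribing would start pulling the cluster's internal messages, which a check of exposure does not need.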
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
vllm-project · vllm
