vLLM
CVE-2025-29783: Remote Code Execution in vLLM via Unsafe Deserialization in Mooncake
Executive Summary
CVE-2025-29783 is a critical remote code execution (RCE) vulnerability affecting vLLM, a high-throughput and memory-efficient inference and serving engine for Large Language Models (LLMs). The vulnerability stems from the use of unsafe deserialization via pickle within the Mooncake component, which is used for distributed key-value (KV) cache management.
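The bug class named in the summary, shown from the receiving side as an added example (not code from vLLM or Mooncake, and not the project's fix): a pickle stream can name importable objects, so the receiver either refuses every such lookup or uses a data-only frame. The frame layout, dtype allow-list, size cap and all function names here are assumptions made for illustration.

```python
import collections
import io
import json
import math
import pickle

DTYPE_SIZES = {"float16": 2, "bfloat16": 2, "float32": 4}  # assumed allow-list
MAX_HEADER = 4096  # assumed cap on header size, in bytes
# Constructed sample: a harmless pickle that still asks the loader to import a class.
SAMPLE_WITH_GLOBAL = pickle.dumps(collections.OrderedDict(layer=0))


class NoGlobalsUnpickler(pickle.Unpickler):
    """Refuses every import a pickle stream requests."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def restricted_loads(data: bytes):
    """Load a pickle made only of built-in containers and scalars."""
    return NoGlobalsUnpickler(io.BytesIO(data)).load()


def encode_kv(dtype: str, shape: tuple, payload: bytes) -> bytes:
    """Data-only frame: 4-byte header length, JSON header, raw tensor bytes."""
    header = json.dumps({"dtype": dtype, "shape": list(shape)}).encode()
    return len(header).to_bytes(4, "big") + header + payload


def decode_kv(frame: bytes):
    """Parse and validate a frame; no field in it can name code to run."""
    hlen = int.from_bytes(frame[:4], "big")
    if len(frame) < 4 or hlen > MAX_HEADER or 4 + hlen > len(frame):
        raise ValueError("bad header length")
    header = json.loads(frame[4:4 + hlen])
    if not isinstance(header, dict):
        raise ValueError("header is not an object")
    dtype, shape = header.get("dtype"), header.get("shape")
    if not isinstance(dtype, str) or dtype not in DTYPE_SIZES:
        raise ValueError("dtype not allowed")
    if not isinstance(shape, list) or not shape or not all(type(d) is int and d > 0 for d in shape):
        raise ValueError("bad shape")
    payload = frame[4 + hlen:]
    if len(payload) != DTYPE_SIZES[dtype] * math.prod(shape):
        raise ValueError("payload size mismatch")
    return dtype, tuple(shape), payload
```

`restricted_loads` is a stopgap for code that must keep reading pickle; the data-only frame removes the capability entirely, which is the stronger position for bytes that arrive from another host.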