7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-24357

GHSA ID

GHSA-rh4j-5rhw-hr54

EPSS Score

0.24274%

CWE

CWE-502

Published

1/27/2025

Updated

1/27/2025

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-24357

CVE-2025-24357: vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator

Description

The vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which is downloaded from huggingface. It use torch.load function and weights_only parameter is default value False. There is a security warning on https://pytorch.org/docs/stable/generated/torch.load.html, when torch.load load a malicious pickle data it will execute arbitrary code during unpickling.

Impact

This vulnerability can be exploited to execute arbitrary codes and OS commands in the victim machine who fetch the pretrained repo remotely.

Note that most models now use the safetensors format, which is not vulnerable to this issue.

References

https://pytorch.org/docs/stable/generated/torch.load.html
Fix: https://github.com/vllm-project/vllm/pull/12366

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-24357

GHSA ID

GHSA-rh4j-5rhw-hr54

EPSS Score

0.24274%

CWE

CWE-502

Published

1/27/2025

Updated

1/27/2025

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
vllm	pip	< 0.7.0	0.7.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

### **s*ription T** vllm/mo**l_*x**utor/w*i**t_utils.py impl*m*nts **_mo**l_w*i**ts_it*r*tor to lo** t** mo**l ****kpoint, w*i** is *ownlo**** *rom *u**in*****. It us* tor**.lo** *un*tion *n* w*i**ts_only p*r*m*t*r is ****ult v*lu* **ls*. T**r* is *

Reasoning

No *n*lysis *v*il**l*

7.5

Basic Information

Concerned about an active attack path?

CVE-2025-24357: vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator

Description

Impact

References

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI