CNNVD-202512-013 Information

CNNVD ID

CNNVD-202512-013

CVE-2025-66448

  • CNNVD Published: 2025-12-01

Description (Chinese)

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs, developed by the vLLM open-source project. vLLM versions prior to 0.11.1 contain a code injection vulnerability, caused by a remote code execution vector in the Nemotron_Nano_VL_Config configuration class, which may lead to remote code execution.

Description (English)

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs from the vLLM open-source project. vLLM versions prior to 0.11.1 contain a code injection vulnerability, which stems from a remote code execution vector in the Nemotron_Nano_VL_Config configuration class and may lead to remote code execution.

Hazard Level

Medium

Vulnerability Type

Code injection

Affected Vendor

vLLM

Published

2025-12-01

Last Modified

2026-02-24

References

  • https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86
  • https://github.com/vllm-project/vllm/pull/28126
  • https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm

Patch

https://github.com/vllm-project/vllm/releases