GHSA-hjq4-87xh-g4fv · Severity: critical · Ecosystem: pip — vLLM Allows Remote Code Execution via PyNcclPipe Communication Service
vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `PyNcclPipe` KV cache transfer integration with the V0 engine. No other configurations are affected. vLLM supports the use of the `PyNcclPipe` class to establish a peer-to-peer communication domain for data transmission between distributed nodes. The GPU-side KV-Cache transmission is implemented through the `PyNcclCommunicator` class, while CPU-side control message passing is handled via the `send_obj` and `recv_obj` methods on the CPU side. The intention was that this interface should only be exposed to a private network using the IP address specified by the `--kv-ip` CLI parameter. The vLLM documentation covers how this must be limited to a secured network. The default and intentional behavior from PyTorch is that the `TCPStore` interface listens on ALL interfaces, regardless of what IP address is provided. The IP address given was only used as a client-side address to use. vLLM was fixed to use a workaround to force the `TCPStore` instance to bind its socket to a specified private interface. As of version 0.8.5, vLLM limits the `TCPStore` socket to the private interface as configured.
Conclusion & alert: CVE-2025-47277 is rated High Exploit Risk (80.9/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 0.86%). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| — | nvd_ref | exploit_tag | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-03-16 | 0.37% | 0.86% | +0.49% |
| 2 | 2026-03-02 | 0.56% | 0.37% | -0.18% |
| 3 | 2026-02-13 | — | 0.56% | — |
Full EPSS history (14 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 9.8 | 3.1 | CRITICAL |
|
3.9 | 5.9 | [email protected] |
GHSA-hjq4-87xh-g4fv · Severity: critical · Ecosystem: pip — vLLM Allows Remote Code Execution via PyNcclPipe Communication Service
| vendor | priority | summary | link |
|---|---|---|---|
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2025-47277 |
| URL | Tags |
|---|---|
| https://docs.vllm.ai/en/latest/deployment/security.html | Technical Description |
| https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7 | Patch |
| https://github.com/vllm-project/vllm/pull/15988 | Issue Tracking Patch |
| https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv | Exploit Vendor Advisory |