CVE-2025-47277

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://docs.vllm.ai/en/latest/deployment/security.html", "name": "https://docs.vllm.ai/en/latest/deployment/security.html", "tags": ["Technical Description"], "refsource": ""}, {"url": "https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7", "name": "https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7", "tags": ["Patch"], "refsource": ""}, {"url": "https://github.com/vllm-project/vllm/pull/15988", "name": "https://github.com/vllm-project/vllm/pull/15988", "tags": ["Issue Tracking", "Patch"], "refsource": ""}, {"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv", "name": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv", "tags": ["Exploit", "Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `PyNcclPipe` KV cache transfer integration with the V0 engine. No other configurations are affected. vLLM supports the use of the\u00a0`PyNcclPipe`\u00a0class to establish a peer-to-peer communication domain for data transmission between distributed nodes. The GPU-side KV-Cache transmission is implemented through the\u00a0`PyNcclCommunicator`\u00a0class, while CPU-side control message passing is handled via the\u00a0`send_obj`\u00a0and\u00a0`recv_obj`\u00a0methods on the CPU side.? The intention was that this interface should only be exposed to a private network using the IP address specified by the `--kv-ip` CLI parameter. The vLLM documentation covers how this must be limited to a secured network. The default and intentional behavior from PyTorch is that the `TCPStore` interface listens on ALL interfaces, regardless of what IP address is provided. The IP address given was only used as a client-side address to use. vLLM was fixed to use a workaround to force the `TCPStore` instance to bind its socket to a specified private interface. As of version 0.8.5, vLLM limits the `TCPStore` socket to the private interface as configured."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-502"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-47277", "ASSIGNER": "security-advisories@github.com"}}, "impact": {}, "publishedDate": "2025-05-20T18:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "0.8.5", "versionStartIncluding": "0.6.5"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-13T16:35Z"}