Bug 2355251 (CVE-2025-30202)

Summary: CVE-2025-30202 vllm: Data Exposure via ZeroMQ on Multi-Node vLLM Deployment
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: high
Priority: high
Version: unspecified
CC: bbrownin, jeder, security-response-team
Keywords: Security
Hardware: All
OS: Linux
Doc Text:
A flaw was found in vLLM's multi-node setup, which exposes sensitive data over a ZeroMQ XPUB socket bound to all interfaces. This vulnerability allows unauthorized clients to intercept and read internal communications if they can access the network.

Description OSIDB Bzimport 2025-03-27 06:42:13 UTC
In a multi-node deployment, vLLM's primary host binds an XPUB ZeroMQ socket to all network interfaces, enabling any network-accessible client to connect and receive sensitive internal data. This vulnerability results in unintended data exposure, allowing unauthorized parties to view details of requests processed by the system. If the vLLM host is deployed in an untrusted network without strict firewall rules, an attacker can passively listen to the ZeroMQ stream and extract private inference request data.
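As an added defender-side illustration (not part of this bug record and not vLLM's code), the helper below classifies ZeroMQ bind endpoints and flags the all-interfaces pattern the description refers to, so a deployment's socket configuration can be audited before it is exposed to a shared network; the socket names and endpoint strings are constructed samples.

```python
import ipaddress
from urllib.parse import urlsplit

# Transports that never leave the host, so they are not reachable from the network.
LOCAL_TRANSPORTS = {"ipc", "inproc"}


def classify_zmq_endpoint(endpoint: str) -> str:
    """Classify a ZeroMQ bind endpoint as 'local', 'loopback', 'specific',
    'all-interfaces' or 'unknown'.

    'all-interfaces' covers the wildcard forms zmq_bind() accepts:
    tcp://*:PORT, tcp://0.0.0.0:PORT and tcp://[::]:PORT.
    """
    scheme, sep, rest = endpoint.partition("://")
    if not sep:
        return "unknown"          # malformed string; review it by hand
    scheme = scheme.lower()
    if scheme in LOCAL_TRANSPORTS:
        return "local"
    # urlsplit separates host from port and unwraps bracketed IPv6 literals.
    host = urlsplit(f"{scheme}://{rest}").hostname or ""
    if host in ("*", ""):
        return "all-interfaces"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Hostname or interface name (e.g. eth0): bound to one resolved address.
        return "specific"
    if addr.is_unspecified:       # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "specific"


def audit_bind_endpoints(binds: dict) -> list:
    """Return the socket names in {name: endpoint} that listen on all interfaces."""
    return sorted(name for name, ep in binds.items()
                  if classify_zmq_endpoint(ep) == "all-interfaces")


# Constructed sample modelled on the advisory's pattern: a publisher socket on
# the primary host that is reachable from every interface, beside safer binds.
SAMPLE_BINDS = {
    "xpub_broadcast": "tcp://*:5555",
    "ipv6_wildcard": "tcp://[::]:5556",
    "rpc_loopback": "tcp://127.0.0.1:5557",
    "worker_ipc": "ipc:///tmp/example-worker.sock",
    "cluster_iface": "tcp://10.0.0.5:5558",
}

if __name__ == "__main__":
    for name in audit_bind_endpoints(SAMPLE_BINDS):
        print(f"EXPOSED: {name} -> {SAMPLE_BINDS[name]}")
```

Sockets reported as exposed should be bound to the cluster's private interface or to loopback where the peers are local, and the remaining network-facing endpoints restricted by the firewall rules the description mentions.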