27Oca
CVE-2025-24357 | vLLM up to 0.6.x weight_utils.py weights_only deserialization
A vulnerability, which was classified as problematic, has been found in vLLM up to 0.6.x. Affected by this issue is some unknown functionality of the file vllm/model_executor/weight_utils.py. The manipulation of the argument weights_only leads to deserialization. This vulnerability is handled as CVE-2025-24357. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.