=====================================================================
CERT-Renater Information Note No. 2025/VULN044
_____________________________________________________________________
DATE                 : 28/01/2025
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running vllm versions prior to 0.7.0.
=====================================================================

https://github.com/vllm-project/vllm/security/advisories/GHSA-rh4j-5rhw-hr54
_____________________________________________________________________

Malicious model to RCE by torch.load in hf_model_weights_iterator
Severity : High
Published by russellb as GHSA-rh4j-5rhw-hr54 on Jan 27, 2025

Package           : vllm (pip)
Affected versions : < 0.7.0
Patched versions  : v0.7.0

Description

vllm/model_executor/weight_utils.py implements hf_model_weights_iterator, which loads model checkpoints downloaded from Hugging Face. It calls torch.load with the weights_only parameter left at its default value, False. The PyTorch documentation (https://pytorch.org/docs/stable/generated/torch.load.html) warns that in this mode torch.load unpickles the file with the full pickle machinery, so a malicious pickle executes arbitrary code during unpickling.

Impact

An attacker who publishes a crafted checkpoint can execute arbitrary code and OS commands on any machine that fetches the pretrained repository remotely and loads it. Note that most models are now distributed in the safetensors format, which does not use pickle and is not affected by this issue; only pickle-based checkpoints are.
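The following is an added example, not code from the advisory, vLLM or PyTorch. It shows the CWE-502 primitive the advisory describes (an object whose __reduce__ runs a callable during unpickling), the vulnerable load pattern, and two checks a loader can apply before or while deserialising. It uses only the standard library so it runs without torch: the "checkpoint" is a plain pickle stream shaped like a state dict, RestrictedUnpickler stands in for what torch.load(..., weights_only=True) does internally, and the SAFE_GLOBALS allowlist is an assumption for this demo, not PyTorch's real list. The payload only records that it ran instead of calling os.system.

```python
"""Added example (not vLLM's or PyTorch's code): why unpickling an untrusted
checkpoint is code execution, and two checks against it."""
import io
import pickle
import pickletools

# Side effect the crafted checkpoint triggers. A real payload would call
# os.system or subprocess; here we only record that attacker code ran.
EXECUTED = []


def _payload(marker):
    EXECUTED.append(marker)
    return {}           # what the unpickler stores in place of the object


class MaliciousWeights:
    """Any object whose __reduce__ returns (callable, args) makes the
    unpickler call callable(*args) while loading. That is the entire bug."""
    def __reduce__(self):
        return (_payload, ("attacker code ran during unpickling",))


def build_malicious_checkpoint(protocol: int = 2) -> bytes:
    """Constructed sample: looks like a state dict, carries a payload."""
    state = {"model.embed_tokens.weight": [0.0] * 4,
             "_metadata": MaliciousWeights()}
    return pickle.dumps(state, protocol=protocol)


def build_benign_checkpoint() -> bytes:
    """Constructed sample with plain data only (no global references)."""
    return pickle.dumps({"model.embed_tokens.weight": [0.0] * 4}, protocol=2)


def load_unsafely(blob: bytes):
    """Mirrors the vulnerable pattern: torch.load(f) with weights_only=False
    is a full pickle.load, so __reduce__ callables run."""
    return pickle.load(io.BytesIO(blob))


# Globals a state-dict checkpoint legitimately needs (assumed allowlist for this
# demo; torch's weights_only unpickler permits its own tensor rebuild helpers).
SAFE_GLOBALS = {("collections", "OrderedDict")}


def list_globals(blob: bytes) -> set:
    """Every (module, name) the stream would import, found by disassembling the
    opcodes with pickletools.genops, which executes nothing. GLOBAL (protocols
    0-3) carries both names; STACK_GLOBAL (protocol 4+) takes them from the
    stack, so we track string pushes and memo lookups to recover them."""
    found, memo, stack = set(), {}, []
    for op, arg, _pos in pickletools.genops(blob):
        if op.name == "GLOBAL":
            found.add(tuple(arg.split(" ", 1)))
        elif op.name in ("UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"):
            stack.append(arg)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = stack[-1] if stack else None
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            stack.append(memo.get(arg))
        elif op.name == "STACK_GLOBAL":
            name, mod = stack.pop(), stack.pop()
            found.add((mod, name))
    return found


def suspicious_globals(blob: bytes) -> set:
    """Static pre-load check: anything outside the allowlist is a red flag."""
    return {g for g in list_globals(blob) if g not in SAFE_GLOBALS}


class RestrictedUnpickler(pickle.Unpickler):
    """Runtime check: refuse to resolve any global not on the allowlist. The
    refusal happens at the GLOBAL opcode, before REDUCE can call anything."""
    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def load_restricted(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def demo() -> dict:
    mal = build_malicious_checkpoint()
    EXECUTED.clear()
    load_unsafely(mal)                      # vulnerable path: payload runs
    ran_unsafe = list(EXECUTED)
    EXECUTED.clear()
    blocked = False
    try:
        load_restricted(mal)                # hardened path: rejected early
    except pickle.UnpicklingError:
        blocked = True
    return {"ran_under_plain_load": ran_unsafe,
            "flagged_by_scanner": sorted(suspicious_globals(mal)),
            "restricted_blocked": blocked,
            "ran_under_restricted": list(EXECUTED)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In a real loader the equivalent of RestrictedUnpickler is simply passing weights_only=True to torch.load, and the static scan is what you run over a downloaded .bin/.pt file before trusting it at all; neither helps with safetensors files, which need no such check because they contain no pickle.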
References
- https://pytorch.org/docs/stable/generated/torch.load.html
- Fix: #12366

Severity : High, 7.5 / 10 (CVSS v3.1 base score)
CVSS v3.1 base metrics
  Attack vector       : Network
  Attack complexity   : High
  Privileges required : None
  User interaction    : Required
  Scope               : Unchanged
  Confidentiality     : High
  Integrity           : High
  Availability        : High
Vector     : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE ID     : CVE-2025-24357
Weaknesses : CWE-502 (Deserialization of Untrusted Data)
Credits    : @DogeWatch (reporter)

=========================================================
+ CERT-RENATER       | tel : 01-53-94-20-44             +
+ 23/25 Rue Daviel   | fax : 01-53-94-20-41             +
+ 75013 Paris        | email : cert@support.renater.fr  +
=========================================================