CVE-2024-11041
PUBLISHED
CVSS 9.8 CRITICAL
vLLM Deserialization of Untrusted Data vulnerability
EPSS 5.60% · 90.5th percentile
Risk Scores
CVSS v3.0
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
5.60%
90.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| vllm | vllm | 0.6.2, 0.6.2 |
| PyPI | vllm | 0, 0 |
| vllm-project | vllm-project/vllm | unspecified, unspecified |
Timeline
- Mar 20, 2025 CVE Published
- Mar 20, 2025 EPSS Score
- Mar 20, 2025 Coalition ESS Score
- Mar 20, 2025 PoC Published
- Mar 21, 2025 CVE Updated
- Apr 2, 2025 EPSS Score
- Apr 16, 2025 EPSS Score
- Apr 29, 2025 EPSS Score
- May 7, 2025 Coalition ESS Score
- May 12, 2025 EPSS Score
- Jun 8, 2025 EPSS Score
- Jun 21, 2025 EPSS Score
References
- https://huntr.com/bounties/00136195-11e0-4ad0-98d5-72db066e867f url
- https://nvd.nist.gov/vuln/detail/CVE-2024-11041 advisory
- https://github.com/vllm-project/vllm package
- https://github.com/vllm-project/vllm/blob/7193774b1ff8603ad5bf4598e5efba0d9a39b436/vllm/distributed/device_communicators/shm_broadcast.py#L441-L443 url