PT-2025-19899 · Zeromq +1

Avioligo · Published 2025-05-06 · Updated 2025-07-31 · CVE-2025-30165

CVSS v3.1: 8.0
Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions:**

vLLM versions 0.5.2 through 0.8.5.post1

**Description:**

vLLM is an inference and serving engine for large language models. In a multi-node deployment using the V0 engine, vLLM utilizes ZeroMQ for communication. Secondary vLLM hosts open a `SUB` ZeroMQ socket and connect to an `XPUB` socket on the primary host. Data received on the `SUB` socket is deserialized using `pickle`, which is unsafe and can allow for remote code execution. This vulnerability can serve as an escalation point, potentially compromising the entire vLLM deployment if the primary host is compromised. Attackers may also exploit this vulnerability without direct access to the primary host, for example, through ARP cache poisoning to redirect traffic to a malicious endpoint delivering arbitrary code.

**Recommendations:**

vLLM versions 0.5.2 through 0.8.5.post1: Ensure your environment is on a secure network if using a multi-node deployment with the V0 engine and tensor parallelism.
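The following is an added example written for this page; it is not vLLM's code and not the project's fix. It contrasts the receiver pattern the description names, `pickle.loads()` applied to whatever arrives on the `SUB` socket, with a hardened receiver that first authenticates each frame with an HMAC over a pre-shared key (so traffic redirected to a spoofed publisher fails before any parsing) and then deserializes with a restricted unpickler that refuses every global or class lookup. The ZeroMQ transport is replaced by plain byte strings so the snippet runs offline; `SHARED_KEY`, `unsafe_receive`, `safe_receive` and the sample messages are all constructed for the demonstration. In a real deployment ZeroMQ's own CURVE transport security, or an authenticated channel below it, would do the job the stdlib HMAC does here.

```python
"""Unsafe vs. hardened handling of frames read from a ZeroMQ SUB socket.

Added example, not vLLM's code. The transport is simulated with bytes.
"""
import hashlib
import hmac
import io
import pickle

# Constructed demo key. A real deployment provisions it out of band on every node.
SHARED_KEY = b"constructed-demo-key-not-for-production"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def unsafe_receive(frame: bytes):
    """The pattern the advisory describes: trust whatever the socket delivered."""
    return pickle.loads(frame)


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any module/class/function reference.

    Plain control messages (dicts, lists, str, bytes, ints) never need a global
    lookup, so refusing all of them costs nothing and removes the code-execution
    path that an untrusted pickle relies on.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def safe_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def sign_frame(payload: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Prefix the payload with an HMAC-SHA256 tag (what the primary host would send)."""
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return tag + payload


def is_authentic(frame: bytes, key: bytes = SHARED_KEY) -> bool:
    """Constant-time check of the tag; a spoofed publisher without the key fails here."""
    if len(frame) < TAG_LEN:
        return False
    tag, payload = frame[:TAG_LEN], frame[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def safe_receive(frame: bytes, key: bytes = SHARED_KEY):
    """Hardened receiver: authenticate first, then deserialize with the restricted loader."""
    if not is_authentic(frame, key):
        raise ValueError("frame authentication failed")
    return safe_loads(frame[TAG_LEN:])


def demo() -> dict:
    """Run three constructed cases through both receivers and report the outcome."""
    results = {}

    # 1. A genuine control message from a host that holds the shared key.
    benign = pickle.dumps({"rank": 1, "cmd": "sync"})
    results["authentic_plain_data"] = safe_receive(sign_frame(benign))

    # 2. The same message signed with the wrong key, as a redirected/spoofed sender would.
    try:
        safe_receive(sign_frame(benign, key=b"not-the-shared-key"))
        results["spoofed_sender"] = "accepted"
    except ValueError:
        results["spoofed_sender"] = "rejected: bad HMAC"

    # 3. A pickle that resolves a global on load. Here it is the harmless built-in
    #    `len`, but this resolution step is exactly what makes untrusted pickle
    #    dangerous. The unsafe path resolves it; the restricted loader refuses it.
    global_ref = pickle.dumps(len)
    results["unsafe_path_resolved_global"] = unsafe_receive(global_ref) is len
    try:
        safe_receive(sign_frame(global_ref))  # authenticates, then hits find_class
        results["restricted_loader"] = "accepted"
    except pickle.UnpicklingError:
        results["restricted_loader"] = "rejected: global lookup"

    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The two layers address the two parts of the description independently: the HMAC check answers the "redirect traffic to a malicious endpoint" scenario, and the restricted unpickler answers the "deserialized using `pickle`" scenario, so a frame that somehow passes authentication still cannot resolve code on load. Replacing pickle with a data-only format such as JSON for control messages would remove the second concern entirely.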

Fix · RCE

**Weakness Enumeration:**

Deserialization of Untrusted Data

**Related Identifiers:**

CVE-2025-30165
GHSA-9PCC-GVX5-R5WM

**Affected Products:**

Zeromq
Vllm