CVE-2025-9141

Name of the Vulnerable Software and Affected Versions: vLLM (affected versions not specified)

Description: An unsafe deserialization allows any authenticated user to execute arbitrary code on the server if they are able to get the model to pass the code as an argument to a tool call. The issue resides in the Qwen3 Coder tool parser, which uses Python’s eval() function to parse tool call parameters during the parameter conversion process when handling unknown data types. This code path is reached when tool calling is enabled and the qwen3 coder parser is specified.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.