How to fix EUVD-2025-200115?

Within 24 hours: Identify all systems running vLLM and determine current versions; isolate affected instances from production if running versions prior to 0.11.1. Within 7 days: Apply vLLM patch to version 0.11.1 or later across all affected systems; validate patches in staging environment before production deployment. Within 30 days: Conduct security audit of all loaded model configurations and their sources; implement model repository whitelisting; establish code review process for any future model configuration changes.

Is Python affected by EUVD-2025-200115?

vLLM versions prior to 0.11.1 contain a critical remote code execution vulnerability that bypasses security controls designed to prevent execution of untrusted code.

EUVD-2025-200115

| CVE-2025-66448 HIGH

2025-12-01 [email protected]

GHSA-8fr4-5q9j-m8gm

7.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 13:34 euvd

EUVD-2025-200115

Analysis Generated

Mar 15, 2026 - 13:34 vuln.today

Patch Released

Mar 15, 2026 - 13:34 nvd

Patch available

CVE Published

Dec 01, 2025 - 23:15 nvd

HIGH 7.1

Description

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the auto_map string. Crucially, this happens even when the caller explicitly sets trust_remote_code=False in vllm.transformers_utils.config.get_config. In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host. This vulnerability is fixed in 0.11.1.

Analysis

Technical Context

Remote code execution allows an attacker to run arbitrary commands or code on the target system over a network without prior authentication. This vulnerability is classified as Code Injection (CWE-94).

Affected Products

Affected products: Vllm Vllm

Remediation

A vendor patch is available — apply it immediately. Apply vendor patches immediately. Restrict network access to vulnerable services. Implement network segmentation and monitoring for anomalous activity.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +36

POC: 0

Vendor Status

Debian

Bug #1095237

vllm

Release	Status	Fixed Version	Urgency
	open	-	-

EUVD-2025-200115 vulnerability details – vuln.today

Back

EUVD-2025-200115

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Debian

Share

EUVD-2025-200115

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Debian

Share

External POC / Exploit Code