Publish Advisories

GHSA-32fw-gq77-f2f2
GHSA-8fr4-5q9j-m8gm
GHSA-32fw-gq77-f2f2

Author: advisory-database[bot]

advisories/github-reviewed/2025/12/GHSA-32fw-gq77-f2f2/GHSA-32fw-gq77-f2f2.json

@@ -0,0 +1,73 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-32fw-gq77-f2f2",
+  "modified": "2025-12-02T17:34:33Z",
+  "published": "2025-12-02T09:30:26Z",
+  "aliases": [
+    "CVE-2025-10543"
+  ],
+  "summary": "Eclipse Paho Go MQTT may incorrectly encode strings if length exceeds 65535 bytes",
+  "details": "In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server (for example, part of an MQTT topic may leak into the message body in a PUBLISH packet).\n\nThe issue arises because the length of the data passed in was converted from an int64/int32 (depending upon CPU) to an int16 without checks for overflows. The int16 length was then written, followed by the data (e.g. topic). This meant that when the data (e.g. topic) was over 65535 bytes then the amount of data written exceeds what the length field indicates. This could lead to a corrupt packet, or mean that the excess data leaks into another field (e.g. topic leaks into message body).",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/eclipse/paho.mqtt.golang"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.5.1"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10543"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/eclipse-paho/paho.mqtt.golang/issues/730"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/eclipse-paho/paho.mqtt.golang/pull/714"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/alpinelinux/build-server-status/commit/e3487897db32c8c3d0287643f8384a6669e93731"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/eclipse-paho/paho.mqtt.golang"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/254"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-197"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-12-02T17:34:33Z",
+    "nvd_published_at": "2025-12-02T09:15:46Z"
+  }
+}

advisories/github-reviewed/2025/12/GHSA-8fr4-5q9j-m8gm/GHSA-8fr4-5q9j-m8gm.json

@@ -0,0 +1,69 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8fr4-5q9j-m8gm",
+  "modified": "2025-12-02T17:34:16Z",
+  "published": "2025-12-02T17:34:16Z",
+  "aliases": [
+    "CVE-2025-66448"
+  ],
+  "summary": "vLLM vulnerable to remote code execution via transformers_utils/get_config",
+  "details": "### Summary\n\n`vllm` has a critical remote code execution vector in a config class named `Nemotron_Nano_VL_Config`. When `vllm` loads a model config that contains an `auto_map` entry, the config class resolves that mapping with `get_class_from_dynamic_module(...)` and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the `auto_map` string. Crucially, this happens even when the caller explicitly sets `trust_remote_code=False` in `vllm.transformers_utils.config.get_config`. In practice, an attacker can publish a benign-looking frontend repo whose `config.json` points via `auto_map` to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host.\n\n### Details\n\nThe vulnerable code resolves and instantiates classes from `auto_map` entries without checking whether those entries point to a different repo or whether remote code execution is allowed.\n\n```python\nclass Nemotron_Nano_VL_Config(PretrainedConfig):\n    model_type = 'Llama_Nemotron_Nano_VL'\n\n    def __init__(self, **kwargs):\n        super().__init__(**kwargs)\n\n        if vision_config is not None:\n            assert \"auto_map\" in vision_config and \"AutoConfig\" in vision_config[\"auto_map\"]\n            # <-- vulnerable dynamic resolution + instantiation happens here\n            vision_auto_config = get_class_from_dynamic_module(*vision_config[\"auto_map\"][\"AutoConfig\"].split(\"--\")[::-1])\n            self.vision_config = vision_auto_config(**vision_config)\n        else:\n            self.vision_config = PretrainedConfig()\n```\n\n`get_class_from_dynamic_module(...)` is capable of fetching and importing code from the Hugging Face repo specified in the mapping. `trust_remote_code` is not enforced for this code path. As a result, a frontend repo can redirect the loader to any backend repo and cause code execution, bypassing the `trust_remote_code` guard.\n\n### Impact\n\nThis is a critical vulnerability because it breaks the documented `trust_remote_code` safety boundary in a core model-loading utility. The vulnerable code lives in a common loading path, so any application, service, CI job, or developer machine that uses `vllm`’s transformer utilities to load configs can be affected. The attack requires only two repos and no user interaction beyond loading the frontend model. A successful exploit can execute arbitrary commands on the host.\n\n### Fixes\n\n* https://github.com/vllm-project/vllm/pull/28126",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "vllm"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.11.1"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/vllm-project/vllm/pull/28126"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/vllm-project/vllm"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-12-02T17:34:16Z",
+    "nvd_published_at": "2025-12-01T23:15:54Z"
+  }
+}