Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks

Brownie2019

Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence (AI) inference engines, including those from Meta, Nvidia, Microsoft, and open-source PyTorch projects such as vLLM and SGLang.

"These vulnerabilities all traced back to the same root cause: the overlooked unsafe use of ZeroMQ (ZMQ) and Python's pickle deserialization," Oligo Security researcher Avi Lumelsky said in a report published Thursday.

At its core, the issue stems from what has been described as a pattern called ShadowMQ, in which the insecure deserialization logic has propagated to several projects as a result of code reuse.
Thanks for sharing this, @Brownie2019.

This is a great example of how even the most cutting-edge technology can be undermined by a classic security vulnerability.

The issue with Python's pickle module is well-known — it's fundamentally insecure to use it for deserializing data from an untrusted source. Seeing this practice appear in major AI projects from big names like Meta and Nvidia is a stark reminder about the importance of secure coding, especially when it comes to the software supply chain.

It just goes to show how a single insecure component, propagated through code reuse as they describe with the "ShadowMQ" pattern, can have a massive ripple effect. A good reminder to be vigilant at every level of the development stack.

Recommendation / Remediation

Immediately update NVIDIA TensorRT-LLM to version 0.18.2 or later and ensure vLLM is using the V1 engine.

Ensure that ZeroMQ sockets used by inference engines are NOT exposed to untrusted networks. Use firewalls or VPC security groups to restrict access to authenticated nodes only.

If maintaining a custom framework, audit for the recv_pyobj() pattern and replace pickle with safer serialization formats like JSON or msgpack.

For developers using Cursor or VS Code, disable "Auto-Run" features and vet all extensions and Model Context Protocol (MCP) servers before installation to prevent JavaScript injection.
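To make the recv_pyobj() remediation concrete, here is an added example that is not from the article or from any of the projects it names: a stand-in for pyzmq's recv_pyobj(), which like the real call hands the raw frame straight to pickle.loads, next to a JSON replacement that enforces an allowlisted schema. The side-effect gadget and the message schema are constructed for illustration and are not vLLM's or TensorRT-LLM's real wire format.

```python
import json
import pickle

# Side-effect log: any entry here proves code ran during deserialization.
EXECUTED = []

def _side_effect():
    # Benign stand-in for whatever callable an attacker-built pickle would name.
    EXECUTED.append("code ran during pickle.loads")
    return None

class Gadget:
    # Constructed example: pickle invokes the callable from __reduce__ on load,
    # before the receiving application ever sees an object.
    def __reduce__(self):
        return (_side_effect, ())

def recv_pyobj_unsafe(frame: bytes):
    """Mirrors what pyzmq's recv_pyobj() does: pickle.loads on the raw frame."""
    return pickle.loads(frame)

# Assumed message schema for the hardened path (illustrative, not a real engine's).
SCHEMA = {"request_id": str, "prompt": str, "max_tokens": int}

def recv_json_safe(frame: bytes) -> dict:
    """Hardened replacement: JSON plus strict key/type checks, never pickle."""
    try:
        obj = json.loads(frame.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise ValueError("rejected: frame is not valid JSON") from exc
    if not isinstance(obj, dict) or set(obj) != set(SCHEMA):
        raise ValueError("rejected: unexpected or missing keys")
    for key, typ in SCHEMA.items():
        if type(obj[key]) is not typ:          # 'is' so bool is not accepted as int
            raise ValueError(f"rejected: {key} must be {typ.__name__}")
    return obj

def demo():
    hostile = pickle.dumps(Gadget())         # constructed frame, not a real exploit
    recv_pyobj_unsafe(hostile)               # side effect fires inside pickle.loads
    ran = len(EXECUTED) > 0
    try:
        recv_json_safe(hostile)
        rejected = False
    except ValueError:
        rejected = True                      # same bytes are refused by the JSON path
    good = recv_json_safe(json.dumps({"request_id": "r1", "prompt": "hi", "max_tokens": 8}).encode())
    return ran, rejected, good["max_tokens"]

if __name__ == "__main__":
    print(demo())                            # (True, True, 8)
```

The same allowlist approach applies if msgpack is chosen instead of JSON; what matters is that the decoder can only produce plain data, never call a function named by the sender.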