A high-severity vulnerability has been discovered in multiple LMDeploy products, a toolkit used for deploying and serving Large Language Models (LLMs). An unauthenticated attacker could remotely exploit this flaw to execute arbitrary code on the affected server, potentially leading to a complete system compromise, theft of sensitive data, and disruption of AI-powered services. Organizations are urged to apply security updates immediately to mitigate this critical risk.

The vulnerability exists in the way LMDeploy processes incoming inference requests. A remote, unauthenticated attacker can send a specially crafted request to an exposed API endpoint. Due to improper input validation, this malicious request can trigger a deserialization flaw, allowing the attacker to execute arbitrary code with the privileges of the LMDeploy service account on the underlying server.

This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation could have severe consequences for the organization, including the complete compromise of the server hosting the LLM. Potential impacts include the theft of proprietary models, exfiltration of sensitive data processed by the LLM, denial of service impacting critical applications, and the attacker gaining a persistent foothold within the corporate network to launch further attacks. Such a breach could lead to significant financial loss, reputational damage, and regulatory penalties.

Immediate Action: Apply vendor security updates immediately across all affected LMDeploy instances. After patching, review server and application access logs for any signs of compromise that may have occurred prior to the update.

Proactive Monitoring: Implement enhanced monitoring of systems running LMDeploy. Specifically, security teams should look for:

• Anomalous or malformed API requests in web server and application logs.
• Unexpected outbound network traffic originating from the LMDeploy servers.
• Unusual process execution, file creation, or system behavior on the host operating system.
• Significant, unexplained spikes in CPU or memory utilization.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:

• Restrict network access to the LMDeploy API endpoints to only trusted IP addresses using a firewall or network security groups.
• Deploy a Web Application Firewall (WAF) with rules designed to inspect and block malicious request patterns targeting the service.
• Ensure the LMDeploy service is running in a containerized and sandboxed environment with the lowest possible privileges to limit the impact of a potential compromise.

Public Exploit Available: false

Given the high CVSS score of 8.8, this vulnerability represents a critical risk to the organization. We strongly recommend that all teams utilizing LMDeploy prioritize the immediate application of the vendor-supplied security patches. While this CVE is not currently listed on the CISA KEV catalog, its severity makes it a prime candidate for future inclusion. Organizations that cannot patch immediately must implement the recommended compensating controls and actively monitor for any signs of attempted exploitation.