Copy-paste vulnerability hits AI inference frameworks at Meta, Nvidia, and Microsoft - csoonline.com

A series of critical Remote Code Execution (RCE) vulnerabilities, dubbed 'ShadowMQ,' were discovered in major AI inference frameworks (Meta Llama Stack, Nvidia TensorRT-LLM, vLLM, etc.) due to insecure Python pickle deserialization over unauthenticated ZeroMQ sockets. These flaws, including CVE-2024-50050 and CVE-2025-23254, were widely replicated through code reuse, creating systemic risk for arbitrary code execution on enterprise AI infrastructure and potential data exfiltration.