@blamejs/exceptd-skills 0.13.89 → 0.13.90

package/data/atlas-ttps.json

@@ -1719,6 +1719,8 @@
       "CVE-2024-39722",
       "CVE-2024-42478",
       "CVE-2024-42479",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-64496",
       "CVE-2026-0766",
       "CVE-2026-24213",

package/data/attack-techniques.json

@@ -197,6 +197,9 @@
     "tactic": [
       "Credential Access",
       "Discovery"
+    ],
+    "cve_refs": [
+      "CVE-2025-30202"
     ]
   },
   "T1041": {
@@ -283,6 +286,7 @@
       "CVE-2025-1550",
       "CVE-2025-23254",
       "CVE-2025-30165",
+      "CVE-2025-32444",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-53773",
@@ -887,10 +891,12 @@
       "CVE-2025-2776",
       "CVE-2025-29635",
       "CVE-2025-30165",
+      "CVE-2025-30202",
       "CVE-2025-30397",
       "CVE-2025-31125",
       "CVE-2025-32432",
       "CVE-2025-32433",
+      "CVE-2025-32444",
       "CVE-2025-32463",
       "CVE-2025-32706",
       "CVE-2025-32756",
@@ -2745,6 +2751,7 @@
     "last_verified": "2026-05-19",
     "notes": "Added v0.13.17 to support DoS-class KEV bulk imports.",
     "cve_refs": [
+      "CVE-2025-30202",
       "CVE-2025-6543",
       "CVE-2026-24215",
       "CVE-2026-45498"

package/data/cve-catalog.json

@@ -13610,6 +13610,213 @@
     "_intake_method": "manual-verified-curation",
     "_kev_short_description": "NVIDIA Triton's DALI backend can be driven to uncontrolled resource consumption (CWE-400) for denial of service; fixed in r26.03."
   },
+  "CVE-2025-32444": {
+    "name": "vLLM Mooncake Integration ZeroMQ Deserialization RCE",
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 9.8 (CRITICAL). pickle-based serialization over unsecured ZeroMQ sockets in the Mooncake KV-transfer integration (CWE-502); network-reachable unauthenticated RCE.",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the vLLM GitHub security advisory (GHSA-hj4w-hm2g-p6w5): a crafted serialized payload sent to the Mooncake ZeroMQ sockets executes code.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via the vLLM project's GitHub security advisories. The abused surface is the distributed-serving IPC layer of the most widely used LLM inference/serving engine.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; insecure deserialization in the inference-serving transport.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "vLLM 0.6.5 through 0.8.4 with the Mooncake integration enabled (fixed 0.8.5).",
+    "affected_versions": [
+      "vLLM >= 0.6.5, <= 0.8.4 (Mooncake enabled)"
+    ],
+    "vector": "vLLM's Mooncake KV-transfer integration exchanges pickle-serialized data over unsecured ZeroMQ sockets (CWE-502). An unauthenticated network attacker who can reach those sockets sends a crafted serialized payload that executes code on the vLLM host. Unlike the off-by-default V0-engine flaw (CVE-2025-30165), the Mooncake sockets are network-reachable when the integration is enabled.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N — network-reachable, unauthenticated.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading vLLM to 0.8.5 or later; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade vLLM to 0.8.5 or later. Never expose vLLM's distributed-serving ZeroMQ sockets (Mooncake KV transfer, XPUB) to untrusted networks; bind them to a trusted segment and authenticate peers."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the LLM serving engine's distributed-serving transport as managed, RCE/exposure-bearing software.",
+      "NIST-800-53-SC-7": "Boundary-protection control does not flag vLLM's ZeroMQ sockets (Mooncake / XPUB) as network-exposed surfaces.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the inference engine's IPC sockets as an injection / exposure surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the inference engine's distributed transport as a privileged control plane.",
+      "DORA-Art-9": "ICT protection measures do not model insecure deserialization / socket exposure in an LLM serving engine as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for securing the inference engine's IPC sockets.",
+      "AU-ISM-1546": "Patch-application control does not single out LLM serving engines' distributed transports.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the inference engine's IPC sockets as untrusted surfaces requiring a safe serializer, peer authentication, and network isolation."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 31,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 26,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 31, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at disclosure (Hard Rule #3). poc_available=20 + blast_radius=26 (vLLM is the most widely used LLM serving engine) minus patch 15.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-32444",
+    "cwe_refs": [
+      "CWE-502"
+    ],
+    "iocs": {
+      "behavioral": [
+        "vLLM Mooncake ZeroMQ sockets receiving serialized payloads from peers outside the trusted node set.",
+        "Process or interpreter activity spawned during Mooncake KV-transfer deserialization.",
+        "Mooncake ZeroMQ sockets reachable from untrusted networks.",
+        "vLLM 0.6.5-0.8.4 with the Mooncake integration enabled - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from the vLLM GitHub security advisory (https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5) and NVD CVE-2025-32444 (CWE-502)."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-32444",
+      "https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory (vllm-project)",
+        "advisory_id": "CVE-2025-32444",
+        "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5",
+        "severity": "critical",
+        "published_date": "2025-04-29"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-32444",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32444",
+        "severity": "critical",
+        "published_date": "2025-04-29"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-502; NIST CVSS 9.8) + the vLLM GitHub security advisory. vLLM distributed-serving ZeroMQ flaw (fixed 0.8.5); same inference-IPC class as the ShadowMQ family.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "vLLM's Mooncake integration deserializes serialized data over unsecured ZeroMQ sockets (CWE-502), giving unauthenticated network RCE; fixed in 0.8.5."
+  },
+  "CVE-2025-30202": {
+    "name": "vLLM Distributed XPUB ZeroMQ Socket All-Interface Exposure",
+    "type": "INFO-DISCLOSURE",
+    "cvss_score": 7.5,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 7.5 (HIGH, availability/exposure). In multi-node deployments the primary host binds an XPUB ZeroMQ socket to all interfaces (CWE-770), exposing broadcast data and enabling denial of service.",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the vLLM GitHub security advisory (GHSA-9f8f-2vmf-885j): an unauthorized client reaches the all-interface XPUB socket to read broadcast data and cause DoS.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via the vLLM project's GitHub security advisories. The abused surface is the distributed-serving IPC layer of the most widely used LLM inference/serving engine.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; unauthenticated socket exposure in the inference-serving transport.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "vLLM 0.5.2 through 0.8.4 in multi-node deployments (fixed 0.8.5).",
+    "affected_versions": [
+      "vLLM >= 0.5.2, <= 0.8.4 (multi-node)"
+    ],
+    "vector": "vLLM's multi-node deployment binds the primary host's XPUB ZeroMQ socket to all interfaces without access control (CWE-770). An unauthorized network client can read the broadcast data stream and flood the socket to cause denial of service.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N — network-reachable, unauthenticated.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading vLLM to 0.8.5 or later; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade vLLM to 0.8.5 or later. Never expose vLLM's distributed-serving ZeroMQ sockets (Mooncake KV transfer, XPUB) to untrusted networks; bind them to a trusted segment and authenticate peers."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the LLM serving engine's distributed-serving transport as managed, RCE/exposure-bearing software.",
+      "NIST-800-53-SC-7": "Boundary-protection control does not flag vLLM's ZeroMQ sockets (Mooncake / XPUB) as network-exposed surfaces.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the inference engine's IPC sockets as an injection / exposure surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the inference engine's distributed transport as a privileged control plane.",
+      "DORA-Art-9": "ICT protection measures do not model insecure deserialization / socket exposure in an LLM serving engine as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for securing the inference engine's IPC sockets.",
+      "AU-ISM-1546": "Patch-application control does not single out LLM serving engines' distributed transports.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the inference engine's IPC sockets as untrusted surfaces requiring a safe serializer, peer authentication, and network isolation."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1499",
+      "T1040"
+    ],
+    "rwep_score": 27,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 22,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 27, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at disclosure (Hard Rule #3). poc_available=20 + blast_radius=22 (vLLM is the most widely used LLM serving engine) minus patch 15.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-30202",
+    "cwe_refs": [
+      "CWE-770"
+    ],
+    "iocs": {
+      "behavioral": [
+        "vLLM primary host's XPUB ZeroMQ socket bound to 0.0.0.0 / all interfaces and reachable from untrusted networks.",
+        "Unauthorized clients subscribing to or flooding the vLLM XPUB broadcast socket.",
+        "Resource exhaustion on the vLLM primary node correlated with XPUB socket traffic.",
+        "vLLM 0.5.2-0.8.4 multi-node deployment - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from the vLLM GitHub security advisory (https://github.com/vllm-project/vllm/security/advisories/GHSA-9f8f-2vmf-885j) and NVD CVE-2025-30202 (CWE-770)."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-30202",
+      "https://github.com/vllm-project/vllm/security/advisories/GHSA-9f8f-2vmf-885j"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory (vllm-project)",
+        "advisory_id": "CVE-2025-30202",
+        "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-9f8f-2vmf-885j",
+        "severity": "high",
+        "published_date": "2025-04-29"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-30202",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30202",
+        "severity": "high",
+        "published_date": "2025-04-29"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-770; NIST CVSS 7.5) + the vLLM GitHub security advisory. vLLM distributed-serving ZeroMQ flaw (fixed 0.8.5); same inference-IPC class as the ShadowMQ family.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "vLLM binds its multi-node XPUB ZeroMQ socket to all interfaces (CWE-770), exposing broadcast data and enabling DoS; fixed in 0.8.5."
+  },
   "CVE-2026-41091": {
     "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
     "type": "LPE",

package/data/cwe-catalog.json

@@ -1321,6 +1321,7 @@
       "CVE-2025-24016",
       "CVE-2025-26399",
       "CVE-2025-30165",
+      "CVE-2025-32444",
       "CVE-2025-40551",
       "CVE-2025-42999",
       "CVE-2025-49113",
@@ -3640,7 +3641,9 @@
       "CWE-2000"
     ],
     "related_weaknesses": [],
-    "evidence_cves": [],
+    "evidence_cves": [
+      "CVE-2025-30202"
+    ],
     "last_verified": "2026-05-19",
     "notes": "Bulk-imported v0.13.18 from the canonical MITRE Top 25 + commonly-referenced-class expansion.",
     "_auto_imported": true,

package/data/framework-control-gaps.json

@@ -52,6 +52,8 @@
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-30165",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-54136",
@@ -1442,11 +1444,13 @@
       "CVE-2025-27920",
       "CVE-2025-29635",
       "CVE-2025-30165",
+      "CVE-2025-30202",
       "CVE-2025-30397",
       "CVE-2025-31125",
       "CVE-2025-31277",
       "CVE-2025-32432",
       "CVE-2025-32433",
+      "CVE-2025-32444",
       "CVE-2025-32463",
       "CVE-2025-32701",
       "CVE-2025-32706",
@@ -1812,6 +1816,8 @@
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-30165",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-34291",
       "CVE-2025-38352",
       "CVE-2025-43300",
@@ -2176,6 +2182,8 @@
       "CVE-2024-42478",
       "CVE-2024-42479",
       "CVE-2025-23266",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-53767",
       "CVE-2026-34159",
       "CVE-2026-42897"
@@ -2470,11 +2478,13 @@
       "CVE-2025-27920",
       "CVE-2025-29635",
       "CVE-2025-30165",
+      "CVE-2025-30202",
       "CVE-2025-30397",
       "CVE-2025-31125",
       "CVE-2025-31277",
       "CVE-2025-32432",
       "CVE-2025-32433",
+      "CVE-2025-32444",
       "CVE-2025-32463",
       "CVE-2025-32701",
       "CVE-2025-32706",
@@ -4912,6 +4922,8 @@
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-30165",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-54136",
@@ -5445,6 +5457,8 @@
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-30165",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-54136",
@@ -5521,6 +5535,8 @@
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-30165",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-54136",

package/data/zeroday-lessons.json

@@ -6633,6 +6633,106 @@
     "_auto_imported": false,
     "_intake_method": "manual-verified-curation"
   },
+  "CVE-2025-32444": {
+    "name": "vLLM Mooncake Integration ZeroMQ Deserialization RCE",
+    "lesson_date": "2026-05-25",
+    "attack_vector": {
+      "description": "vLLM's distributed-serving transport exposes CWE-502 deserialization over unsecured ZeroMQ in the Mooncake integration: an unauthenticated network peer sends a crafted serialized payload that executes code on the vLLM host.",
+      "privileges_required": "none (NVD AV:N / PR:N) — network-reachable",
+      "complexity": "low (NVD AC:L)",
+      "ai_factor": "The abused surface is the distributed-serving IPC layer of the most widely used LLM serving engine. The lesson matches the ShadowMQ family: an inference engine's IPC sockets must use a safe serializer, authenticate peers, and stay on a trusted network segment — never bound to all interfaces or fed untrusted serialized data."
+    },
+    "framework_coverage": {
+      "NIST-800-53-SI-2": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Does not track the LLM serving engine's distributed transport as RCE/exposure-bearing software."
+      },
+      "NIST-800-53-SC-7": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Does not flag vLLM's ZeroMQ sockets (Mooncake / XPUB) as network-exposed surfaces."
+      },
+      "ALL-AI-PIPELINE-INTEGRITY": {
+        "covered": false,
+        "adequate": false,
+        "gap": "No framework treats the inference engine's IPC sockets as untrusted surfaces requiring a safe serializer, peer authentication, and isolation."
+      }
+    },
+    "compliance_exposure_score": {
+      "percent_audit_passing_orgs_still_exposed": 70,
+      "basis": "Distributed LLM serving is deployed on trusted-network assumptions; the engine's IPC sockets are not tracked or isolated.",
+      "theater_pattern": "ai_supply_chain_trust"
+    },
+    "ai_discovered_zeroday": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assist_factor": "none",
+    "new_control_requirements": [
+      {
+        "id": "NEW-CTRL-086",
+        "name": "AI-INFERENCE-IPC-DESERIALIZATION-SAFETY",
+        "description": "AI inference engines must use a safe serializer for IPC/socket communication, never deserialize untrusted serialized objects, authenticate socket peers, bind sockets to loopback/trusted segments (never all interfaces), and isolate the channel. Upgrade vLLM to 0.8.5 or later, which fixes both the Mooncake deserialization RCE (CVE-2025-32444) and the XPUB all-interface exposure (CVE-2025-30202). This is the same control class as the ShadowMQ family (CVE-2025-30165 etc.) — apply it across every inference engine in the estate. The distinguishing test: from an unauthorized peer on a staging cluster, send a crafted serialized object to the Mooncake socket and connect to the XPUB socket; both must be refused.",
+        "evidence": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5",
+        "gap_closes": [
+          "NIST-800-53-SI-2",
+          "NIST-800-53-SC-7",
+          "ALL-AI-PIPELINE-INTEGRITY"
+        ]
+      }
+    ],
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation"
+  },
+  "CVE-2025-30202": {
+    "name": "vLLM Distributed XPUB ZeroMQ Socket All-Interface Exposure",
+    "lesson_date": "2026-05-25",
+    "attack_vector": {
+      "description": "vLLM's distributed-serving transport exposes CWE-770 unauthenticated all-interface XPUB ZeroMQ socket exposure: an unauthenticated network peer reads the broadcast data stream and floods the socket for denial of service.",
+      "privileges_required": "none (NVD AV:N / PR:N) — network-reachable",
+      "complexity": "low (NVD AC:L)",
+      "ai_factor": "The abused surface is the distributed-serving IPC layer of the most widely used LLM serving engine. The lesson matches the ShadowMQ family: an inference engine's IPC sockets must use a safe serializer, authenticate peers, and stay on a trusted network segment — never bound to all interfaces or fed untrusted serialized data."
+    },
+    "framework_coverage": {
+      "NIST-800-53-SI-2": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Does not track the LLM serving engine's distributed transport as RCE/exposure-bearing software."
+      },
+      "NIST-800-53-SC-7": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Does not flag vLLM's ZeroMQ sockets (Mooncake / XPUB) as network-exposed surfaces."
+      },
+      "ALL-AI-PIPELINE-INTEGRITY": {
+        "covered": false,
+        "adequate": false,
+        "gap": "No framework treats the inference engine's IPC sockets as untrusted surfaces requiring a safe serializer, peer authentication, and isolation."
+      }
+    },
+    "compliance_exposure_score": {
+      "percent_audit_passing_orgs_still_exposed": 66,
+      "basis": "Distributed LLM serving is deployed on trusted-network assumptions; the engine's IPC sockets are not tracked or isolated.",
+      "theater_pattern": "ai_supply_chain_trust"
+    },
+    "ai_discovered_zeroday": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assist_factor": "none",
+    "new_control_requirements": [
+      {
+        "id": "NEW-CTRL-086",
+        "name": "AI-INFERENCE-IPC-DESERIALIZATION-SAFETY",
+        "description": "AI inference engines must use a safe serializer for IPC/socket communication, never deserialize untrusted serialized objects, authenticate socket peers, bind sockets to loopback/trusted segments (never all interfaces), and isolate the channel. Upgrade vLLM to 0.8.5 or later, which fixes both the Mooncake deserialization RCE (CVE-2025-32444) and the XPUB all-interface exposure (CVE-2025-30202). This is the same control class as the ShadowMQ family (CVE-2025-30165 etc.) — apply it across every inference engine in the estate. The distinguishing test: from an unauthorized peer on a staging cluster, send a crafted serialized object to the Mooncake socket and connect to the XPUB socket; both must be refused.",
+        "evidence": "https://github.com/vllm-project/vllm/security/advisories/GHSA-9f8f-2vmf-885j",
+        "gap_closes": [
+          "NIST-800-53-SI-2",
+          "NIST-800-53-SC-7",
+          "ALL-AI-PIPELINE-INTEGRITY"
+        ]
+      }
+    ],
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation"
+  },
   "CVE-2024-50050": {
     "name": "Meta Llama Stack Socket Deserialization RCE (ShadowMQ)",
     "lesson_date": "2026-05-25",