Skip to content

[Small] Prevent bypassing media domain restriction via HTTP redirects#26035

Merged
simon-mo merged 3 commits intovllm-project:mainfrom
huachenheli:security
Oct 2, 2025
Merged

[Small] Prevent bypassing media domain restriction via HTTP redirects#26035
simon-mo merged 3 commits intovllm-project:mainfrom
huachenheli:security

Conversation

@huachenheli
Copy link
Contributor

@huachenheli huachenheli commented Oct 1, 2025
edited by github-actions bot
Loading

Purpose

Addresses comment from Gemini in #25783 to prevent bypassing media domain restriction via HTTP redirects.

Test Plan

VLLM_MEDIA_URL_ALLOW_REDIRECTS=0 CUDA_VISIBLE_DEVICES=7 vllm serve Qwen/Qwen2.5-VL-3B-Instruct --port 8001 --host 0.0.0.0 --dtype bfloat16 --limit-mm-per-prompt '{"image": 1, "video":1}'

Test Result

Essential Elements of an Effective PR Description Checklist
  • The purpose of the PR, such as "Fix some issue (link existing issues this PR will resolve)".
  • The test plan, such as providing test command.
  • The test results, such as pasting the results comparison before and after, or e2e results
  • (Optional) The necessary documentation update, such as updating supported_models.md and examples for a new model.
  • (Optional) Release notes update. If your change is user facing, please update the release notes draft in the Google Doc.

@huachenheli
allow overriding HTTP redirect permission via env var
e936bc9 
Signed-off-by: Chenheli Hua <huachenheli@outlook.com>
@mergify mergify bot added documentation Improvements or additions to documentation multi-modality Related to multi-modality (#4194) labels Oct 1, 2025
gemini-code-assist[bot]
gemini-code-assist bot reviewed Oct 1, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request effectively addresses a security concern by introducing a mechanism to prevent bypassing media domain restrictions via HTTP redirects. The implementation adds a new environment variable, VLLM_MEDIA_URL_ALLOW_REDIRECTS, and correctly propagates the allow_redirects flag through the necessary function calls to the underlying HTTP clients. The documentation has also been updated accordingly. I have one suggestion to improve type consistency in the environment variable definition, which will enhance code clarity and maintainability.

@huachenheli
address comments
5e29dcc 
Signed-off-by: Chenheli Hua <huachenheli@outlook.com>
@DarkLight1337 DarkLight1337 added this to the v0.11.0 Cherry Picks milestone Oct 2, 2025
DarkLight1337
DarkLight1337 reviewed Oct 2, 2025
View reviewed changes
DarkLight1337
DarkLight1337 reviewed Oct 2, 2025
View reviewed changes
Copy link
Member

@DarkLight1337 DarkLight1337 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc @russellb

@huachenheli
address comments
d2ee052 
Signed-off-by: Chenheli Hua <huachenheli@outlook.com>
@DarkLight1337 DarkLight1337 enabled auto-merge (squash) October 2, 2025 16:18
@github-actions github-actions bot added the ready ONLY add when PR is ready to merge/full CI is needed label Oct 2, 2025
@simon-mo simon-mo disabled auto-merge October 2, 2025 17:26
@simon-mo simon-mo merged commit ad87ba9 into vllm-project:main Oct 2, 2025
16 of 19 checks passed
@simon-mo
Copy link
Collaborator

simon-mo commented Oct 2, 2025

force merging to unblock release

simon-mo pushed a commit that referenced this pull request Oct 2, 2025
@huachenheli @simon-mo
[Small] Prevent bypassing media domain restriction via HTTP redirects (
9d9a2b7 
…#26035)

Signed-off-by: Chenheli Hua <huachenheli@outlook.com>
Signed-off-by: simon-mo <simon.mo@hey.com>
pdasigi pushed a commit to pdasigi/vllm that referenced this pull request Oct 2, 2025
@huachenheli @pdasigi
[Small] Prevent bypassing media domain restriction via HTTP redirects (
4937686 
…vllm-project#26035)

Signed-off-by: Chenheli Hua <huachenheli@outlook.com>
@huachenheli huachenheli deleted the security branch October 2, 2025 22:55
yewentao256 pushed a commit that referenced this pull request Oct 3, 2025
@huachenheli @yewentao256
[Small] Prevent bypassing media domain restriction via HTTP redirects (
c5880cf 
…#26035)

Signed-off-by: Chenheli Hua <huachenheli@outlook.com>
Signed-off-by: yewentao256 <zhyanwentao@126.com>
tomeras91 pushed a commit to tomeras91/vllm that referenced this pull request Oct 6, 2025
@huachenheli @tomeras91
[Small] Prevent bypassing media domain restriction via HTTP redirects (
a26a1d3 
…vllm-project#26035)

Signed-off-by: Chenheli Hua <huachenheli@outlook.com>
Signed-off-by: Tomer Asida <57313761+tomeras91@users.noreply.github.com>
choprahetarth pushed a commit to Tandemn-Labs/vllm that referenced this pull request Oct 11, 2025
@huachenheli @choprahetarth
[Small] Prevent bypassing media domain restriction via HTTP redirects (
4931b7e 
…vllm-project#26035)

Signed-off-by: Chenheli Hua <huachenheli@outlook.com>
Signed-off-by: simon-mo <simon.mo@hey.com>
shyeh25 pushed a commit to shyeh25/vllm that referenced this pull request Oct 14, 2025
@huachenheli @shyeh25
Prevent bypassing media domain restriction via HTTP redirects (vllm-p…
f26b37a 
…roject#26035)

Signed-off-by: Chenheli Hua <huachenheli@outlook.com>
Signed-off-by: simon-mo <simon.mo@hey.com>
lywa1998 pushed a commit to lywa1998/vllm that referenced this pull request Oct 20, 2025
@huachenheli @lywa1998
[Small] Prevent bypassing media domain restriction via HTTP redirects (
132532f 
…vllm-project#26035)

Signed-off-by: Chenheli Hua <huachenheli@outlook.com>
alhridoy pushed a commit to alhridoy/vllm that referenced this pull request Oct 24, 2025
@huachenheli @alhridoy
[Small] Prevent bypassing media domain restriction via HTTP redirects (
f0da208 
…vllm-project#26035)

Signed-off-by: Chenheli Hua <huachenheli@outlook.com>
rtourgeman pushed a commit to rtourgeman/vllm that referenced this pull request Nov 10, 2025
@huachenheli @rtourgeman
[Small] Prevent bypassing media domain restriction via HTTP redirects (
82a1121 
…vllm-project#26035)

Signed-off-by: Chenheli Hua <huachenheli@outlook.com>
agrabow pushed a commit to agrabow/vllm-fork that referenced this pull request Dec 15, 2025
@huachenheli @agrabow
[Small] Prevent bypassing media domain restriction via HTTP redirects (
1169837 
…vllm-project#26035)

Signed-off-by: Chenheli Hua <huachenheli@outlook.com>
(cherry picked from commit ad87ba9)
agrabow pushed a commit to agrabow/vllm-fork that referenced this pull request Dec 15, 2025
@huachenheli @agrabow
[Small] Prevent bypassing media domain restriction via HTTP redirects (
e261237 
…vllm-project#26035)

Signed-off-by: Chenheli Hua <huachenheli@outlook.com>
(cherry picked from commit ad87ba9)
(cherry picked from commit 1169837)
silverjam pushed a commit to YurtsAI/yurts-vllm that referenced this pull request Jan 24, 2026
fix: patch CVE-2025-6242 - SSRF vulnerability in multimodal media han…
67cf531 
…dling

Port security fixes from upstream PRs vllm-project#25783 and vllm-project#26035 to address
SSRF vulnerability in vLLM's multimodal media handling.

Security improvements:
- Add domain allowlist via --allowed-media-domains CLI parameter
- Add VLLM_MEDIA_URL_ALLOW_REDIRECTS environment variable (defaults to disabled)
- Implement domain validation before fetching HTTP(S) URLs
- Add redirect control to prevent bypassing domain restrictions

The fix provides defense-in-depth protection against SSRF attacks
while maintaining backward compatibility (empty allowlist permits all domains).

Changes:
- vllm/envs.py: Add VLLM_MEDIA_URL_ALLOW_REDIRECTS env var
- vllm/connections.py: Add allow_redirects parameter to HTTP methods
- vllm/multimodal/utils.py: Add domain validation logic
- vllm/config/__init__.py: Add allowed_media_domains configuration field
- vllm/engine/arg_utils.py: Add --allowed-media-domains CLI argument
- vllm/entrypoints/*.py: Wire configuration through entry points
- tests/multimodal/test_utils.py: Add security validation tests
- test_security_fixes.py: Add standalone security test suite
- CVE-2025-6242-IMPLEMENTATION-SUMMARY.md: Implementation documentation

References:
- CVE-2025-6242
- Upstream PR vllm-project#25783 (domain restriction)
- Upstream PR vllm-project#26035 (redirect control)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DarkLight1337 DarkLight1337 DarkLight1337 approved these changes

@ywang96 ywang96 Awaiting requested review from ywang96 ywang96 is a code owner

@NickLucche NickLucche Awaiting requested review from NickLucche NickLucche is a code owner

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

documentation Improvements or additions to documentation multi-modality Related to multi-modality (#4194) ready ONLY add when PR is ready to merge/full CI is needed

Projects

None yet

Milestone

v0.11.0 Cherry Picks

Development

Successfully merging this pull request may close these issues.

3 participants

@huachenheli @simon-mo @DarkLight1337