CVE-2025-62372

Description

vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape (e.g. hidden dimension is wrong), regardless of whether the model is intended to support such inputs (as defined in the Supported Models page). This issue has been patched in version 0.11.1.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

Low

User Interaction

None

Confidentiality (Vulnerable System)

None

Integrity (Vulnerable System)

None

Availability (Vulnerable System)

High

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

High

Affected products

vllm-project / vllm>= 0.5.5, < 0.11.1 – >= 0.5.5, < 0.11.1

References

VENDOR_ADVISORYhttps://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw
PATCHhttps://github.com/vllm-project/vllm/pull/27204
PATCHhttps://github.com/vllm-project/vllm/pull/6613
PATCHhttps://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b