SB2025112850 - Multiple vulnerabilities in vLLM
Published: November 28, 2025 Updated: January 22, 2026
Breakdown by Severity
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Improper validation of array index (CVE-ID: CVE-2025-62372)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when handling multimodal embeddings. A remote user can send multimodal embedding inputs with the correct ndim but an incorrect shape, regardless of whether the model is intended to support such inputs, and perform a denial of service attack.
2) Resource management error (CVE-ID: CVE-2025-62426)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the /v1/chat/completions and /tokenize endpoints. A remote user can send large requests to the affected endpoints and perform a denial of service (DoS) attack.
3) Buffer overflow (CVE-ID: CVE-2025-62164)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Completions API endpoint when processing user-supplied prompt embeddings. A remote user can send specially crafted data to the application, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
4) Protection mechanism failure (CVE-ID: CVE-2025-66448)
The vulnerability allows a remote user to execute arbitrary code on the system.
The vulnerability exists because the application ignores the "trust_remote_code=False" option in vllm.transformers_utils.config.get_config. A remote user can load a model config that contains an auto_map entry and execute arbitrary Python code from a remote repository referenced in the auto_map string.
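The defensive pre-load check that the fourth issue calls for, as an added example rather than vLLM's own code: it parses a constructed config.json and fails closed on any auto_map entry unless trust_remote_code is explicitly True. The function names and the sample config are assumptions.

```python
"""Refuse to honour auto_map (custom model code) when trust_remote_code=False.
Added example, not vLLM's code; function names are assumptions."""
import json


class RemoteCodeRefused(Exception):
    """Raised when a config would pull custom Python code without consent."""


def remote_code_entries(config: dict) -> list[tuple[str, str, str]]:
    """List (auto_map key, source repo or 'local', module.Class) triples.

    Hugging Face auto_map values are either 'module.Class' (code shipped in the
    model repo itself) or 'org/repo--module.Class' (code fetched from another
    repo). Both run arbitrary Python at load time.
    """
    found = []
    for key, target in (config.get("auto_map") or {}).items():
        targets = target if isinstance(target, (list, tuple)) else [target]
        for t in targets:
            if not t:
                continue
            repo, _, ref = str(t).rpartition("--")
            found.append((key, repo or "local", ref))
    return found


def check_config(config_json: str, trust_remote_code: bool) -> dict:
    """Parse a config.json and fail closed if it needs remote code."""
    config = json.loads(config_json)
    entries = remote_code_entries(config)
    if entries and not trust_remote_code:
        where = ", ".join(f"{k} -> {repo}:{ref}" for k, repo, ref in entries)
        raise RemoteCodeRefused(f"config requires custom code ({where}) "
                                "but trust_remote_code is False")
    return config


# Constructed sample config: one local entry and one pointing at another repo.
SAMPLE_CONFIG = json.dumps({
    "model_type": "llama",
    "auto_map": {
        "AutoConfig": "configuration_x.XConfig",
        "AutoModelForCausalLM": "example-org/example-repo--modeling_x.XForCausalLM",
    },
})

if __name__ == "__main__":
    try:
        check_config(SAMPLE_CONFIG, trust_remote_code=False)
    except RemoteCodeRefused as exc:
        print("refused:", exc)
```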
Remediation
Install the update from the vendor's website.
References
- https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw
- https://github.com/vllm-project/vllm/security/advisories/GHSA-wv77-2vpf-vmmg
- https://github.com/vllm-project/vllm/security/advisories/GHSA-69j4-grxj-j64p
- https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf
- https://github.com/vllm-project/vllm/security/advisories/GHSA-mcmc-2m55-j8jj
- https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm