SB2025121643 - Multiple vulnerabilities in Red Hat AI Inference Server (ROCm) 




Published: December 16, 2025

Security Bulletin ID: SB2025121643
Severity: High
Patch available: YES
Number of vulnerabilities: 11
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 9% Medium 64% Low 27%

Description

This security bulletin contains information about 11 security vulnerabilities.


1) Resource exhaustion (CVE-ID: CVE-2025-22868)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the jws package does not properly control consumption of internal resources when handling malformed tokens. A remote attacker can pass a malformed JWT token to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.


2) Resource exhaustion (CVE-ID: CVE-2025-22869)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources within the ssh package when handling clients that complete the key exchange slowly, or not at all. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.


3) Input validation error (CVE-ID: CVE-2025-47906)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of the PATH environment variable in LookPath. A local user can pass specially crafted strings to the application and execute arbitrary OS commands with elevated privileges. 


4) UNIX symbolic link following (CVE-ID: CVE-2025-52565)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue related to /dev/console mounts. A local user can escape the container using a malicious config and escalate privileges on the system.


5) Resource exhaustion (CVE-ID: CVE-2025-59375)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources. A remote attacker can trigger large dynamic memory allocations via a small document and perform a denial of service (DoS) attack.


6) Buffer overflow (CVE-ID: CVE-2025-62164)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the Completions API endpoint when processing user-supplied prompt embeddings. A remote user can send specially crafted data to the application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


7) Improper validation of array index (CVE-ID: CVE-2025-62372)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when handling multimodal embeddings. A remote user can send multimodal embedding inputs with correct ndim but incorrect shape, regardless of whether the model is intended to support such inputs, and perform a denial of service (DoS) attack.
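The gap between an ndim check and a full shape check, as an added example that is not code from vLLM or Red Hat. The accepted layouts, the `hidden_size` and `max_tokens` parameters and all function names are assumptions made for illustration.

```python
from math import prod

ALLOWED_NDIM = (2, 3)  # assumed layouts: (tokens, hidden) or (items, tokens, hidden)


def ndim_only_check(shape):
    """The weak check: looks only at the number of dimensions."""
    return len(shape) in ALLOWED_NDIM


def validate_mm_embeds(shape, *, model_accepts_embeds, hidden_size, max_tokens=8192):
    """Return reasons to reject the input; an empty list means it is acceptable."""
    if not model_accepts_embeds:
        # Gate first: a model that does not take embeddings never sees the tensor.
        return ["model is not configured to accept embedding inputs"]
    if not ndim_only_check(shape):
        return [f"ndim {len(shape)} not in {ALLOWED_NDIM}"]
    if any(not isinstance(d, int) or d <= 0 for d in shape):
        return [f"non-positive or non-integer dimension in {tuple(shape)}"]
    problems = []
    if shape[-1] != hidden_size:
        problems.append(f"last dim {shape[-1]} != hidden size {hidden_size}")
    rows = prod(shape[:-1])  # total embedding rows across all items
    if rows > max_tokens:
        problems.append(f"{rows} embedding rows exceed limit {max_tokens}")
    return problems


# Constructed shapes, as a request handler might read them from tensor.shape.
CASES = {
    "well-formed": (3, 16, 1024),
    "right ndim, wrong hidden size": (16, 4096),
    "right ndim, oversized": (64, 1024, 1024),
}

if __name__ == "__main__":
    for name, shape in CASES.items():
        print(name, ndim_only_check(shape),
              validate_mm_embeds(shape, model_accepts_embeds=True, hidden_size=1024))
```

All three constructed shapes pass the ndim-only check; only the first passes the full validation.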


8) Protection mechanism failure (CVE-ID: CVE-2025-66448)

The vulnerability allows a remote user to execute arbitrary code on the system.

The vulnerability exists because the application ignores the "trust_remote_code=False" option in vllm.transformers_utils.config.get_config. A remote user can load a model config that contains an auto_map entry and execute arbitrary Python code from a remote repository referenced in the auto_map string.
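A pre-load audit that a deployment could run over a model's config before handing it to the server, as an added example that is not code from vLLM or Red Hat. The sample config is constructed, the function names are hypothetical, and the `repo--module.Class` reference form is assumed to follow the Hugging Face transformers convention for auto_map values.

```python
import json

# Constructed sample config (not a real model): a nested sub-config whose
# auto_map points at a different repository via the "repo--module.Class" form.
SAMPLE_CONFIG = json.loads("""
{
  "model_type": "example_vl",
  "auto_map": {"AutoConfig": "configuration_example.ExampleConfig"},
  "vision_config": {
    "auto_map": {"AutoConfig": "example-org/other-repo--configuration_vit.VitConfig"}
  },
  "text_config": {"hidden_size": 1024}
}
""")


def find_auto_map_refs(node, path="config"):
    """Recursively collect (json_path, auto_class, reference) for every auto_map entry."""
    refs = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "auto_map" and isinstance(value, dict):
                for auto_class, ref in value.items():
                    # A value may be a single string or a list of strings.
                    for item in ref if isinstance(ref, (list, tuple)) else [ref]:
                        if isinstance(item, str):
                            refs.append((child, auto_class, item))
            else:
                refs.extend(find_auto_map_refs(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            refs.extend(find_auto_map_refs(item, f"{path}[{i}]"))
    return refs


def audit_config(config, trust_remote_code=False):
    """Return auto_map entries that should block loading when remote code is untrusted."""
    if trust_remote_code:
        return []  # the operator has explicitly opted in to remote code
    findings = []
    for where, auto_class, ref in find_auto_map_refs(config):
        repo, sep, target = ref.partition("--")
        findings.append({"path": where, "auto_class": auto_class,
                         "kind": "cross-repo" if sep else "same-repo",
                         "repo": repo if sep else None, "target": target if sep else ref})
    return findings
```

Any finding with `trust_remote_code=False` is a reason to refuse the model; the nested `vision_config` entry shows why the walk has to be recursive rather than checking only the top-level auto_map.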


9) Resource exhaustion (CVE-ID: CVE-2025-66506)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources within the identity.extractIssuerURL() function when parsing untrusted arguments. A remote attacker can pass a specially crafted request with a malicious OIDC identity token to trigger resource exhaustion and perform a denial of service (DoS) attack.


10) Out-of-bounds write (CVE-ID: CVE-2025-9230)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when trying to decrypt CMS messages encrypted using password based encryption. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Successful exploitation of the vulnerability requires that password based (PWRI) encryption support in CMS messages is enabled. 


11) Uncontrolled Recursion (CVE-ID: CVE-2025-9714)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled recursion in XPath evaluation within the xmlXPathRunEval() function in xpath.c. A remote attacker can pass specially crafted XML data to the application and perform a denial of service (DoS) attack.


Remediation

Install the update from the vendor's website.