CNNVD-202510-1055 Information
CNNVD ID
CNNVD-202510-1055
Related CVE
-
CNNVD Published: 2025-10-07
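Description (translated from Chinese)
vLLM is a high-throughput, memory-efficient inference and serving engine for LLMs, open-sourced by vLLM. Versions of vLLM before 0.11.0rc2 contain a security vulnerability: the API key validation method is vulnerable to a timing attack, which may lead to authentication bypass.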
Description (English)
vLLM is an open-source, high-throughput and memory-efficient inference and serving engine for LLMs. Versions of vLLM prior to 0.11.0rc2 contain a security vulnerability that stems from a timing-attack weakness in the API key validation method, which could lead to authentication bypass.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
vLLM
Published
2025-10-07
Last Modified
2026-02-24
References
https://github.com/vllm-project/vllm/blob/4b946d693e0af15740e9ca9c0e059d5f333b1083/vllm/entrypoints/openai/api_server.py#L1270-L1274
https://github.com/vllm-project/vllm/commit/ee10d7e6ff5875386c7f136ce8b5f525c8fcef48
https://github.com/vllm-project/vllm/releases/tag/v0.11.0
https://github.com/vllm-project/vllm/security/advisories/GHSA-wr9h-g72x-mwhm
Patch
https://github.com/vllm-project/vllm/releases