CNNVD-202510-885 Information

CNNVD ID

CNNVD-202510-885

CVE-2025-6242

  • CNNVD Published: 2025-10-07

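Description (translated from Chinese)

vLLM is an open-source, high-throughput and memory-efficient inference and serving engine for LLMs from vLLM. vLLM contains a code issue vulnerability that stems from insufficient restrictions on the target host of user-supplied URLs in the load_from_url and load_from_url_async methods of the MediaConnector class, which may lead to server-side request forgery attacks.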

Description (English)

vLLM is an open-source, high-throughput and memory-efficient inference and serving engine for LLMs. vLLM has a code issue vulnerability, which stems from inadequate restrictions on the target host of user-provided URLs in the load_from_url and load_from_url_async methods of the MediaConnector class, and which may result in server-side request forgery (SSRF) attacks.

Hazard Level

Medium

Vulnerability Type

Code issue

Affected Vendor

vLLM

Published

2025-10-07

Last Modified

2026-02-24

References

https://access.redhat.com/security/cve/CVE-2025-6242
https://bugzilla.redhat.com/show_bug.cgi?id=2373716

Patch

https://github.com/vllm-project/vllm/releases
