CNNVD-202511-2541 Information

CNNVD ID

CNNVD-202511-2541

CVE-2025-62372

  • CNNVD Published: 2025-11-21

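Description (translated from Chinese)

vLLM is an open-source, high-throughput and memory-efficient inference and serving engine for LLMs, maintained by the vLLM project. vLLM versions from 0.5.5 up to, but not including, 0.11.1 contain an input validation error vulnerability. The vulnerability stems from improper handling of multimodal embedding inputs and may cause the engine to crash.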

Description (English)

vLLM is an open-source inference and serving engine for LLMs, designed for high throughput and memory efficiency. vLLM versions 0.5.5 through versions before 0.11.1 have an input validation error vulnerability, which results from improper handling of multimodal embedding input and may lead to an engine crash.

Hazard Level

High

Vulnerability Type

Input validation error

Affected Vendor

vLLM

Published

2025-11-21

Last Modified

2026-02-24

References

  • https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b
  • https://github.com/vllm-project/vllm/pull/27204
  • https://github.com/vllm-project/vllm/pull/6613
  • https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw

Patch

https://github.com/vllm-project/vllm/releases
