CVE-2025-6920 Information
Jul 02, 2025
cve
Description
A flaw was found in the authentication enforcement mechanism of a model inference API in ai-inference-server. All /v1/ endpoints are expected to enforce API key validation. However the POST /invocations endpoint failed to do so resulting in an authentication bypass. This vulnerability allows unauthorized users to access the same inference features available on protected endpoints potentially exposing sensitive functionality or allowing unintended access to backend resources.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Reference
https://access.redhat.com/security/cve/CVE-2025-6920 https://bugzilla.redhat.com/show_bug.cgi?id=2375522
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
NONE
Base Score
NONE
Base Severity
5.3
Related CNNVD
CNNVD-202506-3713 (Published: 2025-06-30)
Share on: