CVE-2025-62372
unknown
CVSS v3
-
CVSS v4
-
VIR risk
-
Description
vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs
Predictions
Exploit likelihood
30%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | vllm | >=0.5.5,<0.11.1 | 0.11.1 |
References
- https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw
- https://nvd.nist.gov/vuln/detail/CVE-2025-62372
- https://github.com/vllm-project/vllm/pull/27204
- https://github.com/vllm-project/vllm/pull/6613
- https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b
- https://github.com/vllm-project/vllm