CVE-2025-62164
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-21

Last updated on: 2025-12-04

Assigner: GitHub, Inc.

Description
vLLM is an inference and serving engine for large language models (LLMs). From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to a crash (denial-of-service) and potentially remote code execution (RCE), exists in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using torch.load() without sufficient validation. Due to a change introduced in PyTorch 2.8.0, sparse tensor integrity checks are disabled by default. As a result, maliciously crafted tensors can bypass internal bounds checks and trigger an out-of-bounds memory write during the call to to_dense(). This memory corruption can crash vLLM and potentially lead to code execution on the server hosting vLLM. This issue has been patched in version 0.11.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-21
Last Modified
2025-12-04
Generated
2026-05-07
AI Q&A
2025-11-21
EPSS Evaluated
2026-05-05
NVD
CVE-2025-62164
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
vllm vllm From 0.10.2 (inc) to 0.11.1 (exc)
vllm vllm 0.11.1
vllm vllm 0.11.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-123 Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in vLLM versions 0.10.2 to before 0.11.1 in the Completions API endpoint. It involves memory corruption caused by loading user-supplied serialized tensors using torch.load() without sufficient validation. Due to a change in PyTorch 2.8.0 disabling sparse tensor integrity checks by default, malicious tensors can bypass bounds checks and cause out-of-bounds memory writes during to_dense(), leading to crashes or potentially remote code execution on the server.


How can this vulnerability impact me? :

The vulnerability can cause denial-of-service by crashing the vLLM service and may allow an attacker to execute arbitrary code remotely on the server hosting vLLM, potentially compromising the system's security and integrity.


What immediate steps should I take to mitigate this vulnerability?

The immediate step to mitigate this vulnerability is to upgrade vLLM to version 0.11.1 or later, where the issue has been patched.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart