CVE-2025-62164
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-62164, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-21

Last updated on: 2025-12-04

Assigner: GitHub, Inc.

Description

vLLM is an inference and serving engine for large language models (LLMs). From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to a crash (denial-of-service) and potentially remote code execution (RCE), exists in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using torch.load() without sufficient validation. Due to a change introduced in PyTorch 2.8.0, sparse tensor integrity checks are disabled by default. As a result, maliciously crafted tensors can bypass internal bounds checks and trigger an out-of-bounds memory write during the call to to_dense(). This memory corruption can crash vLLM and potentially lead to code execution on the server hosting vLLM. This issue has been patched in version 0.11.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-21
Last Modified
2025-12-04
Generated
2026-07-06
AI Q&A
2025-11-21
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
vllm vllm From 0.10.2 (inc) to 0.11.1 (exc)
vllm vllm 0.11.1
vllm vllm 0.11.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-123 Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in vLLM versions 0.10.2 to before 0.11.1 in the Completions API endpoint. It involves memory corruption caused by loading user-supplied serialized tensors using torch.load() without sufficient validation. Due to a change in PyTorch 2.8.0 disabling sparse tensor integrity checks by default, malicious tensors can bypass bounds checks and cause out-of-bounds memory writes during to_dense(), leading to crashes or potentially remote code execution on the server.

Impact Analysis

The vulnerability can cause denial-of-service by crashing the vLLM service and may allow an attacker to execute arbitrary code remotely on the server hosting vLLM, potentially compromising the system's security and integrity.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade vLLM to version 0.11.1 or later, where the issue has been patched.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62164. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart