AI Component

Inference

Inference servers are the most actively-exploited component of the AI stack because they sit between the model and the public internet and they hold the GPU. The shape of the bugs is mostly web-app classes magnified by the cost of compute: missing auth on /v1 endpoints, SSRF that escapes the sandbox onto the platform's control plane, unsafe deserialization on model-loading paths, and path traversal in artifact-management endpoints. vLLM, Triton, TGI, BentoML, Ray Serve, and Ollama have each shipped multiple high-severity CVEs since 2023; CVE-2024-11041 in vLLM was a notable example combining prompt injection with code execution. Multi-tenant deployments are particularly exposed because a single bug typically crosses tenant boundaries. Defenses: aggressive patching, mandatory auth, network segmentation between inference and control plane, and per-tenant resource quotas to bound abuse.

698
Total CVEs
35
Pages
Page 18 of 35
Current
Severity CVE CVSS
MEDIUM CVE-2023-48299 5.3
HIGH CVE-2024-31583 7.8
CRITICAL CVE-2024-35198 9.8
HIGH CVE-2024-35199 8.2
HIGH CVE-2025-2148 7.5
LOW CVE-2025-2149 2.5
MEDIUM CVE-2024-6577 6.3
MEDIUM CVE-2025-2953 5.5
MEDIUM CVE-2025-2999 5.3
MEDIUM CVE-2025-3000 5.3
MEDIUM CVE-2025-3121 5.5
LOW CVE-2025-3136 3.3
CRITICAL CVE-2025-32434 9.8
CRITICAL CVE-2025-47277 9.8
MEDIUM CVE-2025-46148 5.3
MEDIUM CVE-2025-46149 5.3
MEDIUM CVE-2025-46150 5.3
MEDIUM CVE-2025-46152 5.3
MEDIUM CVE-2025-46153 5.3
HIGH CVE-2025-55551 7.5

Page 18 of 35