AI Threat Alert

Vllm

27 AI/ML vulnerabilities tracked for Vllm.

27

Total CVEs

2

Pages

Page 1 of 2

Current

Severity	CVE	Headline	Package	CVSS
CRITICAL	CVE-2026-25960	vllm: SSRF allows internal network access	vllm	9.8
CRITICAL	CVE-2025-47277	vLLM: RCE via exposed TCPStore in distributed inference	vllm	9.8
HIGH	CVE-2025-62164	vllm: Input Validation flaw enables exploitation	vllm	8.8
MEDIUM	CVE-2025-29770	vLLM: DoS via unbounded grammar cache exhausts disk	vllm	6.5
HIGH	CVE-2025-24357	vLLM: unsafe deserialization RCE via model loading	vllm	8.8
LOW	CVE-2025-25183	vLLM: hash collision enables prefix cache poisoning	vllm	2.6
CRITICAL	CVE-2025-29783	vLLM: RCE via unsafe deserialization in Mooncake KV	vllm	9.0
CRITICAL	CVE-2024-11041	vllm: RCE via unsafe pickle deserialization in MessageQueue	vllm	9.8
HIGH	CVE-2025-30202	vLLM: ZeroMQ socket exposure enables DoS in multi-node	vllm	7.5
CRITICAL	CVE-2025-32444	vLLM: RCE via pickle deserialization on ZeroMQ	vllm	9.8
HIGH	CVE-2025-46560	vLLM: DoS via quadratic multimodal tokenizer input	vllm	7.5
HIGH	CVE-2025-30165	vLLM: pickle RCE in multi-node inference deployments	vllm	8.0
LOW	CVE-2025-46570	vLLM: timing side-channel leaks prompt cache data	vllm	2.6
HIGH	CVE-2025-46722	vLLM: image hash collision enables multimodal cache leakage	vllm	7.3
MEDIUM	CVE-2025-48887	vLLM: ReDoS in tool parser causes service outage	vllm	6.5
MEDIUM	CVE-2025-48942	vLLM: DoS via malformed JSON schema guided param	vllm	6.5
MEDIUM	CVE-2025-48943	vLLM: ReDoS crashes inference server via malformed regex	vllm	6.5
MEDIUM	CVE-2025-48944	vLLM: input validation DoS crashes inference worker	vllm	6.5
HIGH	CVE-2025-48956	vLLM: unauthenticated DoS via oversized HTTP header	vllm	7.5
HIGH	CVE-2025-59425	vLLM: timing attack enables API key bypass	vllm	7.5

Page 1 of 2