Vllm
AI Threat Alert tracks 31 known AI/ML vulnerabilities affecting Vllm products — each enriched with CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis. Browse every Vllm CVE below, sorted by severity and recency.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-25960 | vllm: SSRF allows internal network access | vllm | 9.8 |
| CRITICAL | CVE-2025-47277 | vLLM: RCE via exposed TCPStore in distributed inference | vllm | 9.8 |
| HIGH | CVE-2025-62164 | vllm: Input Validation flaw enables exploitation | vllm | 8.8 |
| MEDIUM | CVE-2025-29770 | vLLM: DoS via unbounded grammar cache exhausts disk | vllm | 6.5 |
| HIGH | CVE-2025-24357 | vLLM: unsafe deserialization RCE via model loading | vllm | 8.8 |
| LOW | CVE-2025-25183 | vLLM: hash collision enables prefix cache poisoning | vllm | 2.6 |
| CRITICAL | CVE-2025-29783 | vLLM: RCE via unsafe deserialization in Mooncake KV | vllm | 9.0 |
| CRITICAL | CVE-2024-11041 | vllm: RCE via unsafe pickle deserialization in MessageQueue | vllm | 9.8 |
| HIGH | CVE-2025-30202 | vLLM: ZeroMQ socket exposure enables DoS in multi-node | vllm | 7.5 |
| CRITICAL | CVE-2025-32444 | vLLM: RCE via pickle deserialization on ZeroMQ | vllm | 9.8 |
| HIGH | CVE-2025-46560 | vLLM: DoS via quadratic multimodal tokenizer input | vllm | 7.5 |
| HIGH | CVE-2025-30165 | vLLM: pickle RCE in multi-node inference deployments | vllm | 8.0 |
| LOW | CVE-2025-46570 | vLLM: timing side-channel leaks prompt cache data | vllm | 2.6 |
| HIGH | CVE-2025-46722 | vLLM: image hash collision enables multimodal cache leakage | vllm | 7.3 |
| MEDIUM | CVE-2025-48887 | vLLM: ReDoS in tool parser causes service outage | vllm | 6.5 |
| MEDIUM | CVE-2025-48942 | vLLM: DoS via malformed JSON schema guided param | vllm | 6.5 |
| MEDIUM | CVE-2025-48943 | vLLM: ReDoS crashes inference server via malformed regex | vllm | 6.5 |
| MEDIUM | CVE-2025-48944 | vLLM: input validation DoS crashes inference worker | vllm | 6.5 |
| HIGH | CVE-2025-48956 | vLLM: unauthenticated DoS via oversized HTTP header | vllm | 7.5 |
| HIGH | CVE-2025-59425 | vLLM: timing attack enables API key bypass | vllm | 7.5 |
Page 1 of 2
Frequently asked questions
How many known vulnerabilities affect Vllm?
31 AI/ML CVEs affecting Vllm products are tracked, sourced from NVD and GitHub Advisory.
What Vllm products are affected?
The CVEs below map to the Vllm AI/ML packages and tools tracked by AI Threat Alert; open any CVE to see the affected components and versions.
Where does the Vllm vulnerability data come from?
Data is sourced from NVD and GitHub Advisory, then enriched with CVSS severity, EPSS exploit probability, and patch status for each CVE.
How can I monitor Vllm for new vulnerabilities?
AI Threat Alert tracks Vllm continuously; a Pro subscription adds breaking alerts when new CVEs affecting Vllm are published.
How do I assess Vllm's security exposure?
Each CVE below carries CVSS severity and exploitation signals, so you can review the highest-severity Vllm issues first and judge the exposure for your stack.