CVE-2025-25183

Published: Feb 7, 2025

Modified: Feb 12, 2025

PUBLISHED

CVSS v3.1

2.6

LOW

Description

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable constant value. This makes it more feasible that someone could try exploit hash collisions. The impact of a collision would be using cache that was generated using different content. Given knowledge of prompts in use and predictable hashing behavior, someone could intentionally populate the cache using a prompt known to collide with another prompt in use. This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Vendor	Product	Versions
vllm-project	vllm	affected `< 0.7.2`

Weaknesses (CWE)

CWE-354

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

https://github.com/vllm-project/vllm/security/advisories/GHSA-rm76-4mrf-v9r8

x_refsource_CONFIRM

https://github.com/vllm-project/vllm/pull/12621

x_refsource_MISC

https://github.com/python/cpython/commit/432117cd1f59c76d97da2eaff55a7d758301dbc7

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-25183

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References