{"data":{"id":"61d93112-e429-4bf1-ab08-26cf89d05af4","title":"CVE-2025-46722: vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.","summary":"vLLM (a system for running large language models) versions 0.7.0 through 0.8.x have a bug in how they create hash values (fingerprints) for images. The hashing method only looks at the raw pixel data and ignores important image properties like width and height, so two different-sized images with the same pixels would create identical hash values. This can cause the system to incorrectly reuse cached results or expose data it shouldn't.","solution":"This issue has been patched in version 0.9.0.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-46722","publishedAt":"2025-05-29T21:15:21.523Z","cveId":"CVE-2025-46722","cweIds":["CWE-1023","CWE-1288"],"cvssScore":"4.2","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["vLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00099,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}