{"data":{"id":"95c9f506-e4b4-45a6-b010-fe92cbe939a5","title":"CVE-2025-62372: vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can","summary":"vLLM (an inference and serving engine for large language models) versions 0.5.5 through 0.11.0 have a vulnerability where users can crash the engine by sending multimodal embedding inputs (data that combines multiple types of information, like images and text) with incorrect shape parameters, even if the model doesn't support such inputs. This bug has a CVSS score of 8.3 (a 0-10 scale measuring vulnerability severity), indicating it's a high-severity issue.","solution":"This issue has been patched in version 0.11.1. Users should upgrade to vLLM version 0.11.1 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-62372","publishedAt":"2025-11-21T07:15:43.393Z","cveId":"CVE-2025-62372","cweIds":["CWE-129"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["vLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00064,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}