AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-62164: vLLM is an inference and serving engine for large language models (LLMs). From versions 0.10.2 to before 0.11.1, a memor

highvulnerabilityLLM-Specific

security

Source: NVD/CVE DatabaseNovember 21, 2025CVE-2025-62164

Summary

vLLM versions 0.10.2 through 0.11.0 have a vulnerability in how they process user-supplied prompt embeddings (numerical representations of text). An attacker can craft malicious data that bypasses safety checks and causes memory corruption (writing data to the wrong location in computer memory), which can crash the system or potentially allow remote code execution (RCE, where an attacker runs commands on the server).

Solution / Mitigation

Update to vLLM version 0.11.1 or later. The source states: 'This issue has been patched in version 0.11.1.'

Vulnerability Details

CVSS Score

8.8(high)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack Type

DoS

Attack SophisticationModerate

Impact (CIA+S)

availabilityintegrity

Taxonomy References

CWE (Weakness Type)

CWE-20 CWE-123 CWE-502 CWE-787

Affected Vendors

Related Issues

medium

CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

Similar attackNVD/CVE Database

low

CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p

First tracked: February 15, 2026 at 08:37 PM

Classified by LLM (prompt v3) · confidence: 95%