AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-46570: vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is p

lowvulnerabilityLLM-Specific

security

Source: NVD/CVE DatabaseMay 29, 2025CVE-2025-46570

Summary

vLLM, an inference and serving engine for large language models, had a vulnerability in versions before 0.9.0 where timing differences in the PageAttention mechanism (a feature that speeds up processing by reusing matching text chunks) were large enough that attackers could detect and exploit them. This type of attack is called a timing side-channel attack, where an attacker learns information by measuring how long operations take.

Solution / Mitigation

Update vLLM to version 0.9.0 or later. The issue has been patched in version 0.9.0.

Vulnerability Details

CVSS Score

2.6(low)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack Type

Data Extraction

Attack SophisticationModerate

Impact (CIA+S)

confidentiality

AI Component TargetedInference

Taxonomy References

CWE (Weakness Type)

CWE-208 CWE-203

Affected Vendors

Related Issues

critical

CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive

Similar attackNVD/CVE Database

high

CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint

First tracked: February 15, 2026 at 08:44 PM

Classified by LLM (prompt v3) · confidence: 85%