5 matches found
CVE-2025-59425
vLLM is an inference and serving engine for large language models LLMs. Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...
CVE-2025-59425 vLLM vulnerable to timing attack at bearer auth
vLLM is an inference and serving engine for large language models LLMs. Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...
CVE-2025-59425 vLLM vulnerable to timing attack at bearer auth
vLLM is an inference and serving engine for large language models LLMs. Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...
CVE-2025-59425
CVE-2025-59425 affects vLLM prior to 0.11.0rc2, where API key validation used a string comparison that leaks timing information. Attackers observing responses over many attempts could determine the next correct character in the API key, enabling authentication bypass. The issue is resolved in ver...
PT-2025-41009
Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.11.0rc2 Description vLLM is an inference and serving engine for large language models LLMs. The API key validation mechanism in versions prior to 0.11.0rc2 is susceptible to a timing attack. The string comparison used...