
5 matches found

NVD
added 2025/10/07 2:15 p.m., 7 views

CVE-2025-59425

vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...

CVSS: 7.5 | EPSS: 0.00538
Exploits: 1 | References: 4
Vulnrichment
added 2025/10/07 2:6 p.m., 1 views

CVE-2025-59425 vLLM vulnerable to timing attack at bearer auth

vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00538
Exploits: 1 | References: 4
OSV
added 2025/10/07 2:6 p.m., 9 views

CVE-2025-59425 vLLM vulnerable to timing attack at bearer auth

vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00538
Exploits: 1 | References: 6
CVE
added 2025/10/07 2:6 p.m., 21 views

CVE-2025-59425

CVE-2025-59425 affects vLLM prior to 0.11.0rc2, where API key validation used a string comparison that leaks timing information. Attackers observing responses over many attempts could determine the next correct character in the API key, enabling authentication bypass. The issue is resolved in ver...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00538
Exploits: 1 | References: 4 | Affected Software: 1
Positive Technologies
added 2025/10/07 12:0 a.m., 4 views

PT-2025-41009

Name of the Vulnerable Software and Affected Versions: vLLM versions prior to 0.11.0rc2. Description: vLLM is an inference and serving engine for large language models (LLMs). The API key validation mechanism in versions prior to 0.11.0rc2 is susceptible to a timing attack. The string comparison used...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00538
Exploits: 1 | References: 8