CVE-2025-62372
unknown
CVSS v3: —
VIR risk: —
Description
vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs
Predictions
Exploit likelihood: 30%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations have been ingested for this CVE yet; see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | vllm | >=0.5.5,<0.11.1 | 0.11.1 |
References
- https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw
- https://nvd.nist.gov/vuln/detail/CVE-2025-62372
- https://github.com/vllm-project/vllm/pull/27204
- https://github.com/vllm-project/vllm/pull/6613
- https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b
- https://github.com/vllm-project/vllm