### Key Information Summary

#### Vulnerability Overview

- **Vulnerability Name**: VLLM prompt_embs deserialize allows DoS and potential RCE
- **CVE ID**: [CVE-2025-62164](#)

#### Affected Versions

- **Affected Versions**: >= 0.10.2
- **Fixed Version**: None

#### Vulnerability Details

- **Attack Vector**: Network
- **Severity**: High (8.8/10)
- **CVSS 3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H**

#### Vulnerability Description

- **Root Cause**: Due to PyTorch 2.8.0 disabling sparse tensor integrity checks by default, maliciously crafted tensors provided by users can bypass validation, leading to out-of-bounds memory access, service crashes, and potential remote code execution.
- **Location of Vulnerability**: In the `Completions API` endpoint of `vLLM` version `0.10.2` and later.
- **Core Issue**: Insufficient validation when processing user-provided serialized prompt embedding tensors. Calling `to_dense()` may trigger out-of-bounds memory writes. The specific code issue is located at `vLLM/entrypoints/renderer.py:148`.

#### Exploitation Requirements

- **Required Privileges**: Low
- **User Interaction**: None

#### Impact

- **Any user with access to this API can exploit the vulnerability**, causing service crashes and potential remote code execution (RCE) on the server process.
- **Denial of Service (DoS) and potential Remote Code Execution (RCE)**.

#### Remediation

- **Fix Status**: No fixed version available
- **Recommended Fix Issue**: #27204

#### Discovery and Acknowledgments

- **Discoverers**: AXION Security Research Team (Omri Fainaro, Bary Levy)
- **Coordinators and Fix Contributors**: Russellb, DarkLight1337, Isot0py, ywang96
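
One defensive pattern for the deserialization issue described above, as an added example that is not vLLM's own code or its fix: load the untrusted tensor with PyTorch's sparse invariant checks re-enabled, then accept only dense floating-point embeddings so `to_dense()` is never called on client data. The function name `load_prompt_embeds`, the `hidden_size` parameter and the dense-only, 2-D shape policy are assumptions made for illustration.

```python
import io

import torch


def load_prompt_embeds(raw: bytes, hidden_size: int) -> torch.Tensor:
    """Deserialize an untrusted prompt-embedding payload or raise ValueError.

    Hypothetical helper: name, signature and policy are assumptions.
    """
    try:
        # Sparse invariant checks are off by default; enabling them here makes
        # torch.load() reject sparse tensors whose indices do not fit the
        # declared size, instead of deferring the problem to a later op.
        with torch.sparse.check_sparse_tensor_invariants():
            tensor = torch.load(
                io.BytesIO(raw),
                weights_only=True,   # restricted unpickler, no arbitrary objects
                map_location="cpu",  # never let the payload pick a device
            )
    except Exception as exc:
        raise ValueError(f"rejected prompt embedding: {exc}") from exc

    if not isinstance(tensor, torch.Tensor):
        raise ValueError("payload is not a tensor")

    # Policy assumption: prompt embeddings are dense. Refusing every other
    # layout means server code never densifies client-controlled indices.
    if tensor.layout != torch.strided:
        raise ValueError(f"unsupported tensor layout: {tensor.layout}")

    if not tensor.is_floating_point():
        raise ValueError(f"unsupported dtype: {tensor.dtype}")

    # Policy assumption: shape is (num_tokens, hidden_size).
    if tensor.dim() != 2 or tensor.shape[1] != hidden_size:
        raise ValueError(f"unexpected shape: {tuple(tensor.shape)}")

    return tensor
```

The layout check is deliberately independent of the invariant check, so a sparse payload is refused even on a PyTorch build where validation during load behaves differently.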