PT-2025-9703 · Unknown · Vllm Aibrix

Kexinoh

·

Publicado

2025-03-04

·

Atualizado

2025-03-05

·

CVE-2025-1953

CVSS v4.0

2.1

Baixa

VetorAV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions vLLM AIBrix version 0.2.0
Description A vulnerability has been found in the Prefix Caching component, specifically in the file pkg/plugins/gateway/prefixcacheindexer/hash.go. This issue leads to insufficiently random values. The complexity of an attack is rather high, and the exploitation appears to be difficult.
Recommendations For vLLM AIBrix version 0.2.0, upgrade to version 0.3.0 to address this issue. It is recommended to upgrade the affected Prefix Caching component.

Correção

Use of Insufficiently Random Values

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-330CWE-310

Identificadores relacionados

CVE-2025-1953

Produtos afetados

Vllm Aibrix