CVE-2025-46570

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.9.0

Description The issue arises from the prefix caching mechanism in vLLM, which may expose the system to a timing side-channel attack. When a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, reflected in the Time to First Token (TTFT). The timing differences caused by matching chunks are significant enough to be recognized and exploited, potentially leading to the leakage of private information. An attacker could attempt to guess a victim's input by measuring the TTFT based on prefix matches, allowing them to verify if their guess is correct.

Recommendations For versions prior to 0.9.0, update to version 0.9.0 to resolve the issue. As a temporary workaround, consider adjusting the chunk size parameter to minimize the risk of exploitation. Restrict access to sensitive prompts and valuable system prompts to minimize the risk of private information leakage. Avoid using the PageAttention mechanism with short prefix lengths, as it may increase the vulnerability to timing side-channel attacks.