PT-2025-47648 · Pytorch+1

Published 2025-11-20 · Updated 2026-01-10 · CVE-2025-62164

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: vLLM versions 0.10.2 through 0.11.0

Description: vLLM is an inference and serving engine for large language models (LLMs). A memory corruption issue exists in the Completions API endpoint, specifically when it processes user-supplied prompt embeddings. The endpoint uses torch.load() without adequate validation, and because PyTorch 2.8.0 disables sparse tensor integrity checks by default, maliciously crafted tensors can bypass the security measures. This can lead to out-of-bounds memory writes during the to_dense() call, potentially causing a crash (denial of service) and remote code execution (RCE) on the server. The vulnerability is triggered by loading serialized tensors without sufficient validation.

Recommendations: Update vLLM to version 0.11.1.
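As an added illustration (not vLLM's or PyTorch's code), the structural invariant that the disabled sparse-tensor checks used to enforce, modelled in plain Python: every COO index must lie inside the declared shape, and the index and value counts must agree, before to_dense() indexes into the dense buffer. The function names and the two sample tensors are constructed for this example; in PyTorch itself the equivalent guard is the `torch.sparse.check_sparse_tensor_invariants` context manager.

```python
# Added example, not code from vLLM or PyTorch. A COO tensor is modelled as
# (indices, values, shape): `indices` has one row per dimension, each row
# holding `nnz` entries; `values` holds `nnz` entries; `shape` is the dense extent.
from typing import List, Sequence


class SparseInvariantError(ValueError):
    """Raised when a deserialized COO layout violates its structural invariants."""


def check_coo_invariants(indices: Sequence[Sequence[int]], values: Sequence[float],
                         shape: Sequence[int]) -> None:
    """Reject index/value layouts that would touch memory outside `shape`."""
    ndim, nnz = len(shape), len(values)
    if len(indices) != ndim:
        raise SparseInvariantError(f"{len(indices)} index rows for {ndim} dims")
    for dim, row in enumerate(indices):
        if len(row) != nnz:
            raise SparseInvariantError(f"dim {dim}: {len(row)} indices for {nnz} values")
        for k, idx in enumerate(row):
            if not 0 <= idx < shape[dim]:
                raise SparseInvariantError(
                    f"dim {dim}, entry {k}: index {idx} out of range for size {shape[dim]}")


def to_dense(indices, values, shape, check_invariants: bool = True) -> List[List[float]]:
    """2-D densify. With check_invariants=False a crafted index reaches the write
    below unchecked: Python raises IndexError (or hits the wrong slot for a
    negative index); the native equivalent writes out of bounds."""
    if check_invariants:
        check_coo_invariants(indices, values, shape)
    rows, cols = shape
    dense = [[0.0] * cols for _ in range(rows)]
    for r, c, v in zip(indices[0], indices[1], values):
        dense[r][c] = v
    return dense


def is_well_formed(tensor) -> bool:
    """True if the layout passes the invariant check (the pre-load gate)."""
    try:
        check_coo_invariants(*tensor)
    except SparseInvariantError:
        return False
    return True


# Constructed samples: a valid 2x3 COO tensor, and a crafted one whose column
# index (7) lies outside the declared shape.
GOOD = ([[0, 1], [2, 0]], [1.5, -2.0], (2, 3))
CRAFTED = ([[0, 1], [2, 7]], [1.5, -2.0], (2, 3))
```

Gating every deserialized sparse tensor through `is_well_formed` before densifying is the shape of the mitigation; the crafted sample is rejected before any write happens.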

Exploit

Fix

DoS

RCE

Deserialization of Untrusted Data

Memory Corruption


Weakness Enumeration

Related Identifiers

BDU:2025-14675
CVE-2025-62164
GHSA-MRW7-HF4F-83PF

Affected Products

Pytorch
Vllm