PT-2025-47649 · Vllm · Vllm
Published: 2025-11-20 · Updated: 2025-12-04
CVE-2025-62372
CVSS v4.0: 8.3 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
Name of the Vulnerable Software and Affected Versions
vLLM versions 0.5.5 through 0.11.0
Description
vLLM is an inference and serving engine for large language models (LLMs). Users can cause the vLLM engine to crash when serving multimodal models by providing multimodal embedding inputs with a correct number of dimensions (ndim) but an incorrect shape, such as a wrong hidden dimension. This occurs regardless of whether the model is designed to handle such inputs.
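The gap described above, a check on ndim that never compares the hidden dimension, can be shown with an added example; this is not vLLM's code or its fix. The function names, the allowed ndim values and the hidden size of 4096 are assumptions made for the illustration.

```python
# Added illustration, not vLLM source code. All names are hypothetical.
ALLOWED_NDIM = (2, 3)  # assumption: (tokens, hidden) or (items, tokens, hidden)


class EmbeddingShapeError(ValueError):
    """Raised at the request boundary so bad input never reaches the engine."""


def ndim_only_check(shape):
    """Weak check: passes any input with the right number of dimensions."""
    return len(shape) in ALLOWED_NDIM


def validate_embedding_shape(shape, hidden_size):
    """Strict check: ndim, positive sizes, and last dim equal to hidden_size.

    Returns the number of embedding vectors the input carries.
    """
    if len(shape) not in ALLOWED_NDIM:
        raise EmbeddingShapeError(f"ndim {len(shape)} not in {ALLOWED_NDIM}")
    if any(not isinstance(d, int) or d <= 0 for d in shape):
        raise EmbeddingShapeError(f"non-positive or non-integer size in {shape}")
    if shape[-1] != hidden_size:
        raise EmbeddingShapeError(
            f"hidden dimension {shape[-1]} != model hidden size {hidden_size}")
    count = 1
    for d in shape[:-1]:
        count *= d
    return count


def screen(shapes, hidden_size):
    """Split request shapes into accepted ones and (shape, reason) rejections."""
    accepted, rejected = [], []
    for shape in shapes:
        try:
            validate_embedding_shape(shape, hidden_size)
            accepted.append(shape)
        except EmbeddingShapeError as exc:
            rejected.append((shape, str(exc)))
    return accepted, rejected


# Constructed sample shapes for a model assumed to have hidden size 4096.
SAMPLE_SHAPES = [(16, 4096), (2, 8, 4096), (16, 1024), (4096,), (0, 4096)]

if __name__ == "__main__":
    ok, bad = screen(SAMPLE_SHAPES, hidden_size=4096)
    print("accepted:", ok)
    for shape, reason in bad:
        print("rejected:", shape, "-", reason)
```

The shape `(16, 1024)` passes `ndim_only_check` but is rejected by the strict validator, which turns the malformed request into a client error at the boundary.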
Recommendations
Update to version 0.11.1 or later.
Exploit
Fix
DoS
Improper Validation of Array Index
Affected Products
Vllm