PT-2025-47650 · Vllm · Vllm
Published: 2025-11-20 · Updated: 2025-12-04
CVE-2025-62426
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
vLLM versions 0.5.5 through 0.11.0
Description
vLLM is an inference and serving engine for large language models (LLMs). The /v1/chat/completions and /tokenize API endpoints accept a `chat_template_kwargs` request parameter that is not properly validated against the chat template. This allows a malicious actor to potentially block processing on the API server for an extended period, impacting all other requests. The `chat_template_kwargs` parameter is used in the code before it is validated.
Recommendations
Update vLLM to version 0.11.1 or later.
DoS
Allocation of Resources Without Limits
Affected Products
Vllm