PT-2025-9703 · Unknown · Vllm Aibrix

Kexinoh

Published

2025-03-04

Updated

2025-03-05

CVE-2025-1953

CVSS v4.0

2.1

Low

Vector

AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions vLLM AIBrix version 0.2.0

Description A vulnerability has been found in the Prefix Caching component, specifically in the file pkg/plugins/gateway/prefixcacheindexer/hash.go. This issue leads to insufficiently random values. The complexity of an attack is rather high, and the exploitation appears to be difficult.

Recommendations For vLLM AIBrix version 0.2.0, upgrade to version 0.3.0 to address this issue. It is recommended to upgrade the affected Prefix Caching component.

Fix

Use of Insufficiently Random Values

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-330CWE-310

Related Identifiers

CVE-2025-1953

Affected Products

Vllm Aibrix

PT-2025-9703 · Unknown · Vllm Aibrix

CVE-2025-1953

Weakness Enumeration

Related Identifiers

Affected Products

References · 12