Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2025-62372

HIGH8.3

vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs

Published Nov 21, 2025

Modified 1 months ago

No fix available

Details

vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape (e.g. hidden dimension is wrong), regardless of whether the model is intended to support such inputs (as defined in the Supported Models page). This issue has been patched in version 0.11.1.

References

WEBhttps://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b WEBhttps://github.com/vllm-project/vllm/pull/27204 WEBhttps://github.com/vllm-project/vllm/pull/6613 WEBhttps://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-62372

CVSS Analysis

CVSS v4.0

8.3

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Vulnerable System

Vuln. Confidentiality

NoneVC:N

Vuln. Integrity

NoneVI:N

Vuln. Availability

HighVA:H

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

HighSA:H

8.3/CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Weakness Type (CWE)

Other

Ecosystems

Timeline

PublishedNov 21, 2025

ModifiedNov 24, 2025

CVE-2025-62372 | Mondoo Vulnerability Intelligence