← Back

CVE-2025-62426

nvd nist
Published: Nov 21, 2025Modified: Jun 17, 2026

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: security-advisories@github.com (Secondary)

Description

vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chat_template_kwargs request parameter that is used in the code before it is properly validated against the chat template. With the right chat_template_kwargs parameters, it is possible to block processing of the API server for long periods of time, delaying all other requests. This issue has been patched in version 0.11.1.

Affected (3)

Products: Vllm: Vllm
1 product
Vllm
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Vllm
From 0.5.5 to 0.11.1
Version 0.11.1 rc0
Version 0.11.1 rc1

Timeline

No history available yet.