← Back

CVE-2025-6920

nvd nist
Published: Jul 1, 2025Modified: Aug 18, 2025

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: secalert@redhat.com (Secondary)

Description

A flaw was found in the authentication enforcement mechanism of a model inference API in ai-inference-server. All /v1/* endpoints are expected to enforce API key validation. However, the POST /invocations endpoint failed to do so, resulting in an authentication bypass. This vulnerability allows unauthorized users to access the same inference features available on protected endpoints, potentially exposing sensitive functionality or allowing unintended access to backend resources.

Affected (1)

Redhat
1 product
Ai Inference Server
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Ai Inference Server
All versions

Related CWEs

CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Issue TrackingVendor Advisory

Timeline

No history available yet.