EXECUTIVE SUMMARY:
CVE-2025-62164 is a high-severity (CVSS 8.8) vulnerability in the vLLM inference engine, affecting versions 0.10.2 up to, but not including, 0.11.1. An attacker can submit malicious prompt embeddings to the Completions API and trigger a memory-corruption bug, caused by unsafe deserialization via torch.load, that can lead to denial of service or even remote code execution.
RECOMMENDATION:
We strongly recommend you update vLLM to version 0.11.1.
REFERENCES:
The following reports contain further technical details: