Vulnerability Details CVE-2025-62426
vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chat_template_kwargs request parameter that is used in the code before it is properly validated against the chat template. With the right chat_template_kwargs parameters, it is possible to block processing of the API server for long periods of time, delaying all other requests. This issue has been patched in version 0.11.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.7%
CVSS Severity
CVSS v3 Score 6.5
References
- https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/chat_utils.py#L1602-L1610
- https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/openai/serving_engine.py#L809-L814
- https://github.com/vllm-project/vllm/commit/3ada34f9cb4d1af763fdfa3b481862a93eb6bd2b
- https://github.com/vllm-project/vllm/pull/27205
- https://github.com/vllm-project/vllm/security/advisories/GHSA-69j4-grxj-j64p
Products affected by CVE-2025-62426
-
cpe:2.3:a:vllm:vllm:0.10.0
-
cpe:2.3:a:vllm:vllm:0.10.1
-
cpe:2.3:a:vllm:vllm:0.10.1.1
-
cpe:2.3:a:vllm:vllm:0.10.2
-
cpe:2.3:a:vllm:vllm:0.11.0
-
cpe:2.3:a:vllm:vllm:0.11.1
-
cpe:2.3:a:vllm:vllm:0.5.5
-
cpe:2.3:a:vllm:vllm:0.6.0
-
cpe:2.3:a:vllm:vllm:0.6.1
-
cpe:2.3:a:vllm:vllm:0.6.2
-
cpe:2.3:a:vllm:vllm:0.6.3
-
cpe:2.3:a:vllm:vllm:0.6.4
-
cpe:2.3:a:vllm:vllm:0.6.5
-
cpe:2.3:a:vllm:vllm:0.6.6
-
cpe:2.3:a:vllm:vllm:0.7.0
-
cpe:2.3:a:vllm:vllm:0.7.1
-
cpe:2.3:a:vllm:vllm:0.7.2
-
cpe:2.3:a:vllm:vllm:0.7.3
-
cpe:2.3:a:vllm:vllm:0.8.0
-
cpe:2.3:a:vllm:vllm:0.8.1
-
cpe:2.3:a:vllm:vllm:0.8.2
-
cpe:2.3:a:vllm:vllm:0.8.3
-
cpe:2.3:a:vllm:vllm:0.8.4
-
cpe:2.3:a:vllm:vllm:0.8.5
-
cpe:2.3:a:vllm:vllm:0.9.0
-
cpe:2.3:a:vllm:vllm:0.9.0.1
-
cpe:2.3:a:vllm:vllm:0.9.1
-
cpe:2.3:a:vllm:vllm:0.9.2