How severe is CVE-2025-25183?

This vulnerability has a severity rating of LOW with a CVSS score of 2.6 out of 10.

What type of vulnerability is CVE-2025-25183?

This is classified as CWE-354, which is a common weakness in software security.

CVE-2025-25183 - LOW Severity | CVSS 2.6

Vulnerability Description

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable constant value. This makes it more feasible that someone could try exploit hash collisions. The impact of a collision would be using cache that was generated using different content. Given knowledge of prompts in use and predictable hashing behavior, someone could intentionally populate the cache using a prompt known to collide with another prompt in use. This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2017-12973

LOW

CVSS:3.1(Low)

Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.

CWE-3542017

CVE-2019-10155

LOW

CVSS:3.1(Low)

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integr...

CWE-3542019

CVE-2024-23462

LOW

CVSS:3.3(Low)

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.This...

CWE-3542024

CVE-2020-1879

LOW

CVSS:3.9(Low)

There is an improper integrity checking vulnerability on some huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to m...

CWE-3542020

CVE-2024-23461

MEDIUM

CVSS:4.2(Medium)

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on...

CWE-3542024

CVE-2021-20184

MEDIUM

CVSS:4.3(Medium)

It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades.

CWE-3542021