CVE-2025-62426

Source
https://cve.org/CVERecord?id=CVE-2025-62426
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62426.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-62426
Aliases
Related
Published
2025-11-21T01:21:29.546Z
Modified
2026-04-10T05:33:02.497610Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`
Details

vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a `chat_template_kwargs` request parameter that is used in the code before it is properly validated against the chat template. With the right `chat_template_kwargs` parameters, it is possible to block processing of the API server for long periods of time, delaying all other requests. This issue has been patched in version 0.11.1.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62426.json",
    "cwe_ids": [
        "CWE-770"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/vllm-project/vllm

Affected ranges

Type
GIT
Repo
https://github.com/vllm-project/vllm
Events

Affected versions

v0.*
v0.10.0
v0.10.0rc1
v0.10.0rc2
v0.10.1rc1
v0.10.2rc1
v0.10.2rc2
v0.11.0rc1
v0.11.1rc0
v0.11.1rc1
v0.11.1rc2
v0.11.1rc3
v0.11.1rc4
v0.11.1rc5
v0.11.1rc6
v0.5.5
v0.6.0
v0.6.1
v0.6.1.post1
v0.6.1.post2
v0.6.2
v0.6.3
v0.6.3.post1
v0.6.4
v0.6.4.post1
v0.6.5
v0.6.6
v0.6.6.post1
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.8.0rc1
v0.8.0rc2
v0.8.1
v0.8.2
v0.8.3rc1
v0.8.4
v0.9.0
v0.9.1
v0.9.1rc1
v0.9.1rc2
v0.9.2rc1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62426.json"