CVE-2025-62372: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs
Users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape (e.g. hidden dimension is wrong), regardless of whether the model is intended to support such inputs (as defined in the Supported Models page).
The issue has existed ever since we added support for image embedding inputs, i.e. #6613 (released in v0.5.5).
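As an added example (not vLLM's own code), the kind of shape gate a serving layer can run on multimodal embedding inputs before they reach the engine: it checks the hidden dimension and token count, not just ndim, and reports a client-facing reason so the request can be refused instead of crashing the engine. `EmbeddingSpec`, `hidden_size` and `max_tokens` are assumed stand-ins for values read from the model config.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Sequence, Tuple


@dataclass(frozen=True)
class EmbeddingSpec:
    """Hypothetical per-modality constraints taken from the model config."""
    modality: str
    hidden_size: int   # embedding width the language model consumes
    max_tokens: int    # upper bound on embedding rows per item


def rejection_reason(shape: Sequence[int], spec: EmbeddingSpec) -> Optional[str]:
    """Return None if `shape` is acceptable, else a client-facing reason.

    Accepted layouts: (num_tokens, hidden) or (num_items, num_tokens, hidden).
    An ndim check alone is not enough: (576, 1024) has the right ndim but
    cannot be fed to a model whose hidden size is 4096.
    """
    shape = tuple(int(d) for d in shape)
    if len(shape) not in (2, 3):
        return f"{spec.modality}: expected 2 or 3 dims, got {len(shape)}"
    if any(d <= 0 for d in shape):
        return f"{spec.modality}: all dimensions must be positive, got {shape}"
    num_tokens, hidden = shape[-2], shape[-1]
    if hidden != spec.hidden_size:
        return (f"{spec.modality}: hidden size {hidden} != "
                f"model hidden size {spec.hidden_size}")
    if num_tokens > spec.max_tokens:
        return f"{spec.modality}: {num_tokens} tokens exceeds limit {spec.max_tokens}"
    return None


def validate_embedding(shape: Sequence[int], spec: EmbeddingSpec) -> Tuple[int, ...]:
    """Raise ValueError (to be mapped to HTTP 400) on a bad shape."""
    reason = rejection_reason(shape, spec)
    if reason is not None:
        raise ValueError(reason)
    return tuple(int(d) for d in shape)


def screen_request(embeddings: Dict[str, Sequence[int]],
                   specs: Dict[str, EmbeddingSpec]) -> Dict[str, str]:
    """Check every modality in one request. Modalities the served model does
    not accept embeddings for are rejected as well, not passed through."""
    problems: Dict[str, str] = {}
    for modality, shape in embeddings.items():
        spec = specs.get(modality)
        if spec is None:
            problems[modality] = f"{modality}: embedding inputs not supported by this model"
            continue
        reason = rejection_reason(shape, spec)
        if reason is not None:
            problems[modality] = reason
    return problems


if __name__ == "__main__":
    specs = {"image": EmbeddingSpec("image", hidden_size=4096, max_tokens=2048)}
    # Constructed request: correct ndim, wrong hidden dim -> rejected before the engine sees it
    print(screen_request({"image": (576, 1024)}, specs))
```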
References
- github.com/advisories/GHSA-pmqf-x6x8-p7qw
- github.com/vllm-project/vllm
- github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b
- github.com/vllm-project/vllm/pull/27204
- github.com/vllm-project/vllm/pull/6613
- github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw
- nvd.nist.gov/vuln/detail/CVE-2025-62372