CVE-2025-46570Observable Timing Discrepancy in Vllm

CWE-208Observable Timing DiscrepancyCWE-203Observable Discrepancy5 documents4 sources
Severity
2.6LOWNVD
EPSS
0.2%
top 60.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vllm-project VllmVllm
Timeline
PublishedMay 29

Description

vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). These timing differences caused by matching chunks are significant enough to be recognized and exploited. This issue has been patched in version 0.9.0.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages3 packages

NVDvllm/vllm< 0.9.0
PyPIvllm/vllm< 0.9.0+1
CVEListV5vllm-project/vllm< 0.9.0

Patches

Patch: github.com

🔴Vulnerability Details

3
OSV
CVE-2025-46570: vLLM is an inference and serving engine for large language models (LLMs)2025-05-29
GHSA
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching2025-05-28
OSV
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching2025-05-28

📋Vendor Advisories

1
Red Hat
vllm: vLLM’s Chunk-Based Prefix Caching Vulnerable to Potential Timing Side-Channel2025-05-29