CVE-2025-59425Covert Timing Channel in Vllm

CWE-385Covert Timing ChannelCWE-208Observable Timing Discrepancy4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 40.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vllm-project VllmVllm
Timeline
PublishedOct 7

Description

vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided API key gets correct. Data analysis across many attempts could allow an attacker to determine when it finds the next correct character in the key sequence. Deployments relying on vLLM's built-in API key

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDvllm/vllm< 0.11.0+1
PyPIvllm/vllm< 0.11.0
CVEListV5vllm-project/vllm< 0.11.0rc2

Patches

Patch: github.com

🔴Vulnerability Details

2
OSV
vLLM is vulnerable to timing attack at bearer auth2025-10-07
GHSA
vLLM is vulnerable to timing attack at bearer auth2025-10-07

📋Vendor Advisories

1
Red Hat
vllm: Timing Attack in vLLM API Token Verification Leading to Authentication Bypass2025-10-07