Home > Vulnerability Database > CVE-2025-62372

Mend.io Vulnerability Database

CVE-2025-62372

Good to know:

Date: November 20, 2025

vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape (e.g. hidden dimension is wrong), regardless of whether the model is intended to support such inputs (as defined in the Supported Models page). This issue has been patched in version 0.11.1.

Severity Score

6.5

Related Resources (7)

Url: https://github.com/vllm-project/vllm/pull/27204

Url: https://github.com/vllm-project/vllm/pull/6613

Url: https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-62372

Url: https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw

Url: https://github.com/vllm-project/vllm

Url: https://www.mend.io/vulnerability-database/CVE-2025-62372

Severity Score

6.5

Weakness Type (CWE)

Improper Validation of Array Index

CWE-129

Top Fix

Upgrade Version

Upgrade to version vllm - 0.11.1;https://github.com/vllm-project/vllm.git - v0.11.1

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-62372

Good to know:

Date: November 20, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?