exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2025-46570

7 месяцев назад

vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). These timing differences caused by matching chunks are significant enough to be recognized and exploited. This issue has been patched in version 0.9.0.

CVSS3: 2.6

EPSS: Низкий

CVE-2025-46570

7 месяцев назад

vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). These timing differences caused by matching chunks are significant enough to be recognized and exploited. This issue has been patched in version 0.9.0.

CVSS3: 2.6

EPSS: Низкий

CVE-2025-46570

7 месяцев назад

vLLM is an inference and serving engine for large language models (LLM ...

CVSS3: 2.6

EPSS: Низкий

GHSA-4qjh-9fv9-r85r

7 месяцев назад

Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching

CVSS3: 2.6

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2025-46570 vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). These timing differences caused by matching chunks are significant enough to be recognized and exploited. This issue has been patched in version 0.9.0.	CVSS3: 2.6	0% Низкий	7 месяцев назад
CVE-2025-46570 vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). These timing differences caused by matching chunks are significant enough to be recognized and exploited. This issue has been patched in version 0.9.0.	CVSS3: 2.6	0% Низкий	7 месяцев назад
CVE-2025-46570 vLLM is an inference and serving engine for large language models (LLM ...	CVSS3: 2.6	0% Низкий	7 месяцев назад
GHSA-4qjh-9fv9-r85r Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching	CVSS3: 2.6	0% Низкий	7 месяцев назад

Уязвимостей на страницу