CVE-2025-11915

HTTP Desynchronisation in Vertex AI for certain third-party models

Description

Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action.

INFO

Published Date :

2025-10-22T09:13:24.601Z

Last Modified :

2025-10-23T09:23:21.342Z

Source :

GoogleCloud

AFFECTED PRODUCTS

The following products are affected by CVE-2025-11915 vulnerability.

Vendors	Products
Google	Cloud Platform
Google Cloud	Vertex Ai

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-11915.

URL	Resource
https://cloud.google.com/vertex-ai/generative-ai/docs/security-bulletins#gcp-2025-059

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability