Description

vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). These timing differences caused by matching chunks are significant enough to be recognized and exploited. This issue has been patched in version 0.9.0.

INFO

Published Date :

2025-05-29T16:32:42.794Z

Last Modified :

2025-05-29T18:05:10.768Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-46570 vulnerability.

Vendors Products
Vllm
  • Vllm
Vllm-project
  • Vllm
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-46570.

URL Resource
https://github.com/vllm-project/vllm/commit/77073c77bc2006eb80ea6d5128f076f5e6c6f54f cve-icon cve-icon cve-icon
https://github.com/vllm-project/vllm/pull/17045 cve-icon cve-icon cve-icon
https://github.com/vllm-project/vllm/security/advisories/GHSA-4qjh-9fv9-r85r cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-46570 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-46570 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact