Description

A flaw was found in the authentication enforcement mechanism of a model inference API in ai-inference-server. All /v1/* endpoints are expected to enforce API key validation. However, the POST /invocations endpoint failed to do so, resulting in an authentication bypass. This vulnerability allows unauthorized users to access the same inference features available on protected endpoints, potentially exposing sensitive functionality or allowing unintended access to backend resources.

INFO

Published Date :

2025-07-01T13:16:17.180Z

Last Modified :

2025-11-20T20:59:11.209Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-6920 vulnerability.

Vendors Products
Redhat
  • Ai Inference Server
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-6920.

URL Resource
https://access.redhat.com/security/cve/CVE-2025-6920 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2375522 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-6920 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-6920 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact