{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-25183", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-02-03T19:30:53.399Z", "datePublished": "2025-02-07T19:59:01.370Z", "dateUpdated": "2025-02-12T20:51:46.402Z"}, "containers": {"cna": {"title": "vLLM using built-in hash() from Python 3.12 leads to predictable hash collisions in vLLM prefix cache", "problemTypes": [{"descriptions": [{"cweId": "CWE-354", "lang": "en", "description": "CWE-354: Improper Validation of Integrity Check Value", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rm76-4mrf-v9r8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rm76-4mrf-v9r8"}, {"name": "https://github.com/vllm-project/vllm/pull/12621", "tags": ["x_refsource_MISC"], "url": "https://github.com/vllm-project/vllm/pull/12621"}, {"name": "https://github.com/python/cpython/commit/432117cd1f59c76d97da2eaff55a7d758301dbc7", "tags": ["x_refsource_MISC"], "url": "https://github.com/python/cpython/commit/432117cd1f59c76d97da2eaff55a7d758301dbc7"}], "affected": [{"vendor": "vllm-project", "product": "vllm", "versions": [{"version": "< 0.7.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-02-07T19:59:01.370Z"}, "descriptions": [{"lang": "en", "value": "vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable constant value. This makes it more feasible that someone could try exploit hash collisions. The impact of a collision would be using cache that was generated using different content. Given knowledge of prompts in use and predictable hashing behavior, someone could intentionally populate the cache using a prompt known to collide with another prompt in use. This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-rm76-4mrf-v9r8", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-25183", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-07T20:33:57.205558Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:51:46.402Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-25183", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-07T20:33:57.205558Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:48:59.400Z"}}], "cna": {"title": "vLLM using built-in hash() from Python 3.12 leads to predictable hash collisions in vLLM prefix cache", "source": {"advisory": "GHSA-rm76-4mrf-v9r8", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.6, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "vllm-project", "product": "vllm", "versions": [{"status": "affected", "version": "< 0.7.2"}]}], "references": [{"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rm76-4mrf-v9r8", "name": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rm76-4mrf-v9r8", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/vllm-project/vllm/pull/12621", "name": "https://github.com/vllm-project/vllm/pull/12621", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/python/cpython/commit/432117cd1f59c76d97da2eaff55a7d758301dbc7", "name": "https://github.com/python/cpython/commit/432117cd1f59c76d97da2eaff55a7d758301dbc7", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable constant value. This makes it more feasible that someone could try exploit hash collisions. The impact of a collision would be using cache that was generated using different content. Given knowledge of prompts in use and predictable hashing behavior, someone could intentionally populate the cache using a prompt known to collide with another prompt in use. This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-354", "description": "CWE-354: Improper Validation of Integrity Check Value"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-02-07T19:59:01.370Z"}}}, "cveMetadata": {"cveId": "CVE-2025-25183", "state": "PUBLISHED", "dateUpdated": "2025-02-12T20:51:46.402Z", "dateReserved": "2025-02-03T19:30:53.399Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-02-07T19:59:01.370Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5911C1A-F107-4B9B-BAE9-36A2B5181321", "versionEndExcluding": "0.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable constant value. This makes it more feasible that someone could try exploit hash collisions. The impact of a collision would be using cache that was generated using different content. Given knowledge of prompts in use and predictable hashing behavior, someone could intentionally populate the cache using a prompt known to collide with another prompt in use. This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "vLLM es un motor de inferencia y servicio de alto rendimiento y uso eficiente de la memoria para LLM. Las declaraciones construidas de forma malintencionada pueden provocar colisiones de hash, lo que da como resultado la reutilizaci\u00f3n de la memoria cach\u00e9, lo que puede interferir con las respuestas posteriores y provocar un comportamiento no deseado. El almacenamiento en cach\u00e9 de prefijos utiliza la funci\u00f3n hash() incorporada de Python. A partir de Python 3.12, el comportamiento de hash(None) ha cambiado para ser un valor constante predecible. Esto hace que sea m\u00e1s factible que alguien pueda intentar explotar las colisiones de hash. El impacto de una colisi\u00f3n ser\u00eda el uso de la memoria cach\u00e9 generada con un contenido diferente. Dado el conocimiento de los mensajes en uso y el comportamiento predecible del hash, alguien podr\u00eda rellenar intencionalmente la memoria cach\u00e9 utilizando un mensaje que se sabe que colisiona con otro mensaje en uso. Este problema se ha solucionado en la versi\u00f3n 0.7.2 y se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad."}], "id": "CVE-2025-25183", "lastModified": "2025-07-01T20:58:00.170", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-02-07T20:15:34.083", "references": [{"source": "security-advisories@github.com", "tags": ["Not Applicable"], "url": "https://github.com/python/cpython/commit/432117cd1f59c76d97da2eaff55a7d758301dbc7"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/vllm-project/vllm/pull/12621"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rm76-4mrf-v9r8"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-354"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "vllm: vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache", "id": "2344292", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344292"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-916", "details": ["vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable constant value. This makes it more feasible that someone could try exploit hash collisions. The impact of a collision would be using cache that was generated using different content. Given knowledge of prompts in use and predictable hashing behavior, someone could intentionally populate the cache using a prompt known to collide with another prompt in use. This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", "A flaw was found in the vllm package. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. The impact of a collision would be using a cache that was generated using different content. With the knowledge of the prompts in use and predictable hashing behavior, someone could intentionally populate the cache using a prompt known to collide with another prompt in use."], "mitigation": {"lang": "en:us", "value": "Using a hashing algorithm that is less prone to collision, such as sha256, for example, would be the best way to avoid the possibility of a collision."}, "name": "CVE-2025-25183", "package_state": [{"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-aws-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-azure-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-azure-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-gcp-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-ibm-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-intel-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/instructlab-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/instructlab-intel-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/instructlab-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}], "public_date": "2025-02-06T20:00:05Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-25183\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-25183\nhttps://github.com/python/cpython/commit/432117cd1f59c76d97da2eaff55a7d758301dbc7\nhttps://github.com/python/cpython/pull/99541\nhttps://github.com/vllm-project/vllm\nhttps://github.com/vllm-project/vllm/commit/73b35cca7f3745d07d439c197768b25d88b6ab7f\nhttps://github.com/vllm-project/vllm/pull/12621\nhttps://github.com/vllm-project/vllm/security/advisories/GHSA-rm76-4mrf-v9r8"], "threat_severity": "Low"}

{}