Metrics
Affected Vendors & Products
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2025-12612 | phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service |
EUVD |
EUVD-2025-12671 | phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service |
Github GHSA |
GHSA-vc6m-hm49-g9qg | phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 28 May 2025 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Vllm
Vllm vllm |
|
| CPEs | cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Vllm
Vllm vllm |
Fri, 02 May 2025 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Wed, 30 Apr 2025 13:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 30 Apr 2025 00:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and prior to 0.8.5 are affected by a critical performance vulnerability in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens (e.g., <|audio_|>, <|image_|>) with repeated tokens based on precomputed lengths. Due to inefficient list concatenation operations, the algorithm exhibits quadratic time complexity (O(n²)), allowing malicious actors to trigger resource exhaustion via specially crafted inputs. This issue has been patched in version 0.8.5. | |
| Title | vLLM phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service | |
| Weaknesses | CWE-1333 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-04-30T13:09:13.422Z
Reserved: 2025-04-24T21:10:48.174Z
Link: CVE-2025-46560
Updated: 2025-04-30T13:09:04.715Z
Status : Analyzed
Published: 2025-04-30T01:15:52.097
Modified: 2025-05-28T19:15:56.887
Link: CVE-2025-46560
OpenCVE Enrichment
No data.
EUVD
Github GHSA