CVE-2025-1953

March 4, 2025, 8:15 p.m.

2.6
Low

Description

A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.3.0 is able to address this issue. It is recommended to upgrade the affected component.

Product(s) Impacted

Product Versions
Unknown

Weaknesses

CWE-310
None
None

References

https://github.com/vllm-project/aibrix/issues/749
https://github.com/vllm-project/aibrix/issues/749#event-16488517974
https://github.com/vllm-project/aibrix/pull/752
https://github.com/vllm-project/aibrix/pull/752/commits/3d25d95aebd66f24a549200edcebc5ea423b317a
https://vuldb.com/?ctiid.298543
https://vuldb.com/?id.298543
https://vuldb.com/?submit.509958

Tags

cna@vuldb.com
CWE-310
2025-03-04
CVE-2025-1953

CVSS Score

2.6 / 10

CVSS Data

  • Attack Vector: ADJACENT_NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: NONE
  • Availability Impact: NONE
    • View Vector String

    CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Date

  • Published: March 4, 2025, 8:15 p.m.
  • Last Modified: March 4, 2025, 8:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cna@vuldb.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.