vLLM 0.2.0

CPE Details

vLLM 0.2.0
vllm
vllm
0.2.0
2025-05-13
10h23 +00:00
2025-05-13
10h23 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:vllm:vllm:0.2.0:*:*:*:*:*:*:*

Informations

Vendor

vllm

Product

vllm

Version

0.2.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-46570 2025-05-29 16h32 +00:00 vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). These timing differences caused by matching chunks are significant enough to be recognized and exploited. This issue has been patched in version 0.9.0.
2.6
Low
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.