CVE-2025-46570 – Apache vLLM PageAttention Chunk Prefill Timing Vulnerability

May 29, 2025

CVE ID : CVE-2025-46570

Published : May 29, 2025, 5:15 p.m. | 4 hours, 18 minutes ago

Description : vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). These timing differences caused by matching chunks are significant enough to be recognized and exploited. This issue has been patched in version 0.9.0.

Severity: 2.6 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46722 – VLLM Image Hash Collision Vulnerability

Next Article CVE-2024-51392 – OpenKnowledgeMaps Headstart Remote Privilege Escalation

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

The Alters: Release date, mechanics, and everything else you need to know

I’ve fallen hard for Starsand Island, a promising anime-style life sim bringing Ghibli vibes to Xbox and PC later this year

This new official Xbox 4TB storage card costs almost as much as the Xbox SeriesXitself

I may have found the ultimate monitor for conferencing and productivity, but it has a few weaknesses

May report 2025

May report 2025

Write more reliable JavaScript with optional chaining

Deploying a Scalable Next.js App on Vercel – A Step-by-Step Guide

The Alters: Release date, mechanics, and everything else you need to know

The Alters: Release date, mechanics, and everything else you need to know

I’ve fallen hard for Starsand Island, a promising anime-style life sim bringing Ghibli vibes to Xbox and PC later this year

This new official Xbox 4TB storage card costs almost as much as the Xbox SeriesXitself

CVE-2025-46570 – Apache vLLM PageAttention Chunk Prefill Timing Vulnerability

⚡ Weekly Recap: APT Intrusions, AI Malware, Zero-Click Exploits, Browser Hijacks and More

Exploitation Risk Grows for Critical Cisco Bug

Nvidia dominates in gen AI benchmarks, clobbering 2 rival AI chips

Governing the ML lifecycle at scale, Part 4: Scaling MLOps with security and governance controls

Cyberpunk 2077 sequel enters pre-production as Phantom Liberty crosses 10 million copies sold

Volet is a Customer Feedback Widget for Laravel

Suspected Cyberattack on DU Emirates: Over 360 GB of Data Allegedly Stolen and Up for Sale

META Stealer Enhances Stealth with Cryptographic Builds in v5.0 Update

I saved $30 a month by using these portable solar panels in my backyard

SlideModel Review: Professional PowerPoint Templates for Serious Presenters

CVE-2025-46570 – Apache vLLM PageAttention Chunk Prefill Timing Vulnerability

Related Posts