CVE-2025-46570 – Apache vLLM PageAttention Chunk Prefill Timing Vulnerability

May 29, 2025

CVE ID : CVE-2025-46570

Published : May 29, 2025, 5:15 p.m. | 4 hours, 18 minutes ago

Description : vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). These timing differences caused by matching chunks are significant enough to be recognized and exploited. This issue has been patched in version 0.9.0.

Severity: 2.6 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46722 – VLLM Image Hash Collision Vulnerability

Next Article CVE-2024-51392 – OpenKnowledgeMaps Headstart Remote Privilege Escalation

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Kong AI Gateway 3.11 introduces new method for reducing token costs

Native vs hybrid vs cross-platform: Resolving the trilemma

Microsoft’s AI CEO says Google nearly launched “ChatGPT” before OpenAI — but brutal skeptics, fears of disrupting search, and safety concerns thwarted the plan

You’ve got to try these 5 premium Minecraft add-ons — Dinosaurs, security systems, and more really shake up Bedrock Edition

This Microsoft pay scale reveals AI pros are making bank — with compensation packages reaching up to $336,000/year

ZeniMax QA testers face whiplash and “rancid” work morale following Microsoft’s gaming layoffs — but the union still fights

The details of TC39’s last meeting

The details of TC39’s last meeting

Vector Search Embeddings and RAG

Python Meets Power Automate: Trigger via URL

Microsoft’s AI CEO says Google nearly launched “ChatGPT” before OpenAI — but brutal skeptics, fears of disrupting search, and safety concerns thwarted the plan

Microsoft’s AI CEO says Google nearly launched “ChatGPT” before OpenAI — but brutal skeptics, fears of disrupting search, and safety concerns thwarted the plan

You’ve got to try these 5 premium Minecraft add-ons — Dinosaurs, security systems, and more really shake up Bedrock Edition

This Microsoft pay scale reveals AI pros are making bank — with compensation packages reaching up to $336,000/year

CVE-2025-46570 – Apache vLLM PageAttention Chunk Prefill Timing Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

I’m in love with Microsoft’s limited-edition 50th anniversary wallpapers — Here’s how to get them

CVE-2025-48744 – Apache SIGB PMB Remote Code Execution and Local File Inclusion Vulnerability

Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113)

“CitrixBleed 2” Vulnerability PoC Released – Warns of Potential Widespread Exploitation

LockedIn AI Launches 100% Hidden Desktop App to Crack Any Interview

CVE-2025-20298 – Splunk Universal Forwarder Windows Privilege Escalation Vulnerability

CVE-2025-53852 – Apache HTTP Server Remote Code Execution

Japachar – learn Japanese characters

CVE-2025-46570 – Apache vLLM PageAttention Chunk Prefill Timing Vulnerability

Related Posts