CVE-2025-46570 – Apache vLLM PageAttention Chunk Prefill Timing Vulnerability

May 29, 2025

CVE ID : CVE-2025-46570

Published : May 29, 2025, 5:15 p.m. | 4 hours, 18 minutes ago

Description : vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). These timing differences caused by matching chunks are significant enough to be recognized and exploited. This issue has been patched in version 0.9.0.

Severity: 2.6 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46722 – VLLM Image Hash Collision Vulnerability

Next Article CVE-2024-51392 – OpenKnowledgeMaps Headstart Remote Privilege Escalation

Highlights

CVE-2025-0917 – IBM Cognos Analytics Stored Cross-Site Scripting

June 11, 2025

CVE ID : CVE-2025-0917

Published : June 11, 2025, 6:15 p.m. | 2 hours, 13 minutes ago

Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The state of DevOps and AI: Not just hype

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Look out, Meta Ray-Bans! These AI glasses just raised over $1M in pre-orders in 3 days

Samsung ‘Galaxy Glasses’ powered by Android XR are reportedly on track to be unveiled this month

The M4 iPad Pro is discounted $100 as a last-minute Labor Day deal

Distribution Release: Linux From Scratch 12.4

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

August report 2025

Fake News Detection using Python Machine Learning (ML)

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Download Transcribe! for Windows

Microsoft Fixes CertificateServicesClient (CertEnroll) Error in Windows 11

CVE-2025-46570 – Apache vLLM PageAttention Chunk Prefill Timing Vulnerability

Hacker suspected of trying to cheat his way into university is arrested in Spain

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

Best Cheap Web Hosting in Bangladesh

Rilasciato Wayfire 0.10: il compositore 3D per Wayland introduce il supporto a Vulkan

isort – Python utility and library to sort imports

Razer sent me “gamer” snacks and a lamp — so I found out how they taste

CVE-2025-0917 – IBM Cognos Analytics Stored Cross-Site Scripting

NVIDIA’s RTX 5050 specs leaked: 2560 CUDA cores, GDDR6 memory, and Blackwell chip

CVE-2025-6813 – Apacheaapanel WordPress Privilege Escalation Vulnerability

Parse Localized Numbers with Laravel’s Number Class

CVE-2025-46570 – Apache vLLM PageAttention Chunk Prefill Timing Vulnerability

Related Posts