CVE-2025-46722 is a medium-severity vulnerability affecting the vLLM inference and serving engine for large language models (LLMs), specifically versions from 0.7.0 up to but not including 0.9.0. The vulnerability resides in the MultiModalHasher class within the file vllm/multimodal/hasher.py. The issue stems from the way image objects (PIL.Image.Image) are serialized for hashing. The current implementation uses only the raw pixel data obtained via obj.tobytes(), which excludes critical metadata such as image dimensions (width, height) and mode. This omission can cause distinct images with different sizes but identical raw pixel byte sequences to produce the same hash value. Such hash collisions can lead to incorrect cache hits, undermining data integrity and potentially causing data leakage or security risks. For example, an attacker might exploit this to retrieve or manipulate cached data associated with a different image, leading to unauthorized data exposure or corruption. The vulnerability does not require user interaction but does require low privileges to exploit, and the attack vector is network-based. The issue has been addressed in vLLM version 0.9.0 by presumably including image metadata in the hashing process to ensure uniqueness and consistency. The CVSS v3.1 base score is 4.2, reflecting a medium severity with limited confidentiality impact, no integrity impact, and low availability impact.

For European organizations utilizing vLLM versions between 0.7.0 and 0.9.0, this vulnerability could undermine the reliability of image-based caching mechanisms within AI inference workflows. Incorrect cache hits due to hash collisions may lead to serving incorrect or stale data, potentially degrading the quality of AI model outputs or causing erroneous decisions in automated systems. In sensitive environments such as healthcare, finance, or critical infrastructure where LLMs might process multimodal data including images, this could result in data leakage or exposure of confidential information. Although the direct impact on integrity is limited, the risk of data leakage and availability degradation could affect compliance with European data protection regulations like GDPR. Additionally, organizations relying on vLLM for AI services may face operational disruptions or reputational damage if the vulnerability is exploited. However, the vulnerability requires network access and low privileges, which somewhat limits the attack surface. No known exploits are currently reported in the wild, reducing immediate risk but warranting proactive patching.

European organizations should upgrade vLLM to version 0.9.0 or later, where the vulnerability is patched by incorporating image metadata into the hashing process to prevent collisions. Until upgrade is feasible, organizations should consider disabling or restricting the use of the MultiModalHasher component for image hashing or implement additional validation checks to verify image dimensions and metadata before caching. Employ network segmentation and strict access controls to limit exposure of vLLM services to trusted users and systems only. Monitoring cache hit/miss patterns for anomalies could help detect exploitation attempts. Additionally, organizations should review and audit AI inference pipelines that process images to ensure no sensitive data leakage occurs due to caching errors. Incorporating image hashing libraries with proven collision resistance or cryptographic hashing methods that include metadata can further mitigate risks. Finally, maintain up-to-date vulnerability management processes to promptly apply patches and monitor vendor advisories.