
CVE-2025-62372: CWE-129: Improper Validation of Array Index in vllm-project vllm

Severity: High
Tags: Vulnerability, CVE-2025-62372, CWE-129
Published: Fri Nov 21 2025 (11/21/2025, 01:22:37 UTC)
Source: CVE Database V5
Vendor/Project: vllm-project
Product: vllm

Description

vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape (e.g. hidden dimension is wrong), regardless of whether the model is intended to support such inputs (as defined in the Supported Models page). This issue has been patched in version 0.11.1.

AI-Powered Analysis

AI analysis last updated: 11/21/2025, 01:59:56 UTC

Technical Analysis

CVE-2025-62372 is a vulnerability classified under CWE-129 (Improper Validation of Array Index) found in the vLLM project, an inference and serving engine for large language models (LLMs). The vulnerability exists in versions from 0.5.5 to before 0.11.1. It allows an attacker to crash the vLLM engine by sending multimodal embedding inputs that have the correct number of dimensions (ndim) but an incorrect shape, specifically an invalid hidden dimension size. This malformed input triggers improper array index validation within the engine, leading to a denial-of-service (DoS) condition by crashing the service. The vulnerability does not require authentication or user interaction, and the attack vector is network-based, making it remotely exploitable. The flaw affects the availability of the service but does not impact confidentiality or integrity. The vulnerability was publicly disclosed on November 21, 2025, with a CVSS v4.0 score of 8.3 (high severity), reflecting its ease of exploitation and significant impact on service availability. The issue has been addressed and patched in vLLM version 0.11.1. No known exploits have been reported in the wild as of the publication date. The vulnerability is particularly relevant for organizations deploying multimodal LLMs using vLLM, as the attack exploits input shapes that the model may not be designed to handle, regardless of the model's intended support for such inputs.

Potential Impact

For European organizations, the primary impact of CVE-2025-62372 is the potential for denial-of-service attacks against AI inference services running vLLM versions 0.5.5 to before 0.11.1. This can disrupt critical AI-driven applications, including natural language processing, multimodal data analysis, and other AI services that rely on vLLM for inference. Service outages could affect customer-facing applications, internal AI workflows, and research activities, leading to operational downtime and potential financial losses. Since the vulnerability does not affect confidentiality or integrity, data breaches are unlikely; however, the availability impact can degrade trust in AI services and delay business processes. Organizations heavily invested in AI and machine learning infrastructure, especially those offering AI-as-a-service or integrating LLMs into their products, face increased risk. The lack of required authentication lowers the barrier for attackers, increasing the likelihood of exploitation if vulnerable versions are exposed to untrusted networks. Additionally, the growing adoption of multimodal models in Europe heightens the relevance of this vulnerability.

Mitigation Recommendations

1. Immediate upgrade to vLLM version 0.11.1 or later, which contains the patch for this vulnerability.
2. Implement strict input validation on all inference endpoints to verify not only the number of dimensions but also the expected shape and size of embedding inputs before processing.
3. Deploy network-level protections such as Web Application Firewalls (WAFs) or API gateways to detect and block malformed or anomalous requests targeting inference services.
4. Apply rate limiting and anomaly detection to reduce the risk of denial-of-service attempts exploiting this vulnerability.
5. Isolate AI inference services within secure network segments and restrict access to trusted clients where possible.
6. Monitor logs and telemetry for unusual crashes or malformed input patterns indicative of exploitation attempts.
7. Engage in regular vulnerability scanning and penetration testing focused on AI infrastructure to identify similar issues proactively.
8. Educate development and operations teams about the importance of validating input shapes and dimensions in AI model serving environments.
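As an added illustration of recommendation 2 (example code written for this page, not vLLM's own), a hypothetical pre-processing gate that rejects an embedding input whose ndim is correct but whose hidden dimension does not match the model, so the request becomes a client error rather than an engine crash. The (num_tokens, hidden_size) layout, the nested-list input format and the function names are assumptions.

```python
# Hypothetical shape gate for an inference endpoint (added example, not vLLM's code).
# Assumption: a multimodal embedding arrives as a nested list laid out as
# (num_tokens, hidden_size), and the model's configured hidden size is known.
from typing import Any, List, Tuple


def infer_shape(data: Any) -> Tuple[int, ...]:
    """Return the full shape of a nested-list tensor; ValueError if ragged/empty."""
    shape: List[int] = []
    cur = data
    while isinstance(cur, (list, tuple)):
        if len(cur) == 0:
            raise ValueError("empty axis in embedding input")
        shape.append(len(cur))
        cur = cur[0]

    def check(node: Any, depth: int) -> None:
        # Every sibling along an axis must match the length seen on the first path.
        if depth == len(shape):
            if isinstance(node, (list, tuple)):
                raise ValueError("ragged embedding input")
            return
        if not isinstance(node, (list, tuple)) or len(node) != shape[depth]:
            raise ValueError("ragged embedding input")
        for child in node:
            check(child, depth + 1)

    check(data, 0)
    return tuple(shape)


def check_embedding(data: Any, hidden_size: int, expected_ndim: int = 2) -> Tuple[bool, str]:
    """Accept only if ndim AND the hidden axis match; a ndim-only check passes the advisory's input."""
    try:
        shape = infer_shape(data)
    except ValueError as exc:
        return False, str(exc)
    if len(shape) != expected_ndim:
        return False, f"expected ndim {expected_ndim}, got {len(shape)}"
    if shape[-1] != hidden_size:
        return False, f"expected hidden size {hidden_size}, got {shape[-1]}"
    return True, f"ok: shape {shape}"


if __name__ == "__main__":
    # Constructed inputs for hidden size 4; the second has the right ndim (2) but hidden size 3.
    print(check_embedding([[0.1] * 4, [0.2] * 4], hidden_size=4))
    print(check_embedding([[0.1] * 3, [0.2] * 3], hidden_size=4))
```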


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-10-10T14:22:48.204Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 691fc3ff70da09562fa7fc94

Added to database: 11/21/2025, 1:44:31 AM

Last enriched: 11/21/2025, 1:59:56 AM

Last updated: 11/21/2025, 2:11:56 PM

