
CVE-2025-62372: CWE-129: Improper Validation of Array Index in vllm-project vllm

Severity: High
Tags: vulnerability, cve-2025-62372, cve, cwe-129
Published: Fri Nov 21 2025 (11/21/2025, 01:22:37 UTC)
Source: CVE Database V5
Vendor/Project: vllm-project
Product: vllm

Description

vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape (e.g. hidden dimension is wrong), regardless of whether the model is intended to support such inputs (as defined in the Supported Models page). This issue has been patched in version 0.11.1.

AI-Powered Analysis

Last updated: 11/28/2025, 04:41:37 UTC

Technical Analysis

CVE-2025-62372 is a vulnerability classified under CWE-129 (Improper Validation of Array Index) affecting the vLLM project, an inference and serving engine for large language models (LLMs). The flaw exists in versions from 0.5.5 up to but not including 0.11.1. The vulnerability allows an attacker to crash the vLLM engine by submitting multimodal embedding inputs that have the correct number of dimensions (ndim) but an incorrect shape, specifically an incorrect hidden dimension size. This improper input validation leads to out-of-bounds array indexing or similar memory errors, causing the inference engine to crash and resulting in denial of service. The vulnerability does not require authentication or user interaction and can be exploited remotely, making it a network-exploitable flaw with a high impact on availability. The issue is particularly relevant when serving multimodal models, regardless of whether the model officially supports such inputs. The vendor patched the vulnerability in version 0.11.1, addressing the improper validation logic. No known exploits are currently reported in the wild, but the ease of triggering a crash and the critical role of vLLM in AI inference environments make this a significant threat. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges or user interaction required, but high impact on availability. This vulnerability could disrupt AI services relying on vLLM, affecting workflows and dependent applications.

Potential Impact

For European organizations, the primary impact of CVE-2025-62372 is denial of service (DoS) against AI inference services using vulnerable versions of vLLM. This can cause downtime or degraded performance in AI-driven applications, including natural language processing, multimodal AI services, and other LLM-based solutions. Organizations relying on vLLM for critical AI workloads, such as research institutions, cloud service providers, and enterprises deploying AI-powered customer services, may experience operational disruptions. The vulnerability could also be leveraged as part of a broader attack to degrade AI capabilities or disrupt business continuity. Given the increasing adoption of AI technologies across Europe, especially in sectors like finance, healthcare, and manufacturing, service interruptions could have cascading effects on productivity and service delivery. Additionally, the lack of authentication and user interaction requirements means attackers can exploit this remotely, increasing the risk of widespread impact. While no data confidentiality or integrity impact is indicated, availability loss alone can be costly and damaging to reputation.

Mitigation Recommendations

1. Upgrade all vLLM deployments to version 0.11.1 or later immediately to apply the official patch that fixes the improper validation issue.
2. Implement strict input validation and sanitization at the application layer to verify embedding input shapes before passing them to vLLM, rejecting malformed or unexpected inputs.
3. Deploy runtime monitoring and anomaly detection to identify unusual input patterns or repeated crashes indicative of exploitation attempts.
4. Use containerization or sandboxing to isolate vLLM processes, limiting the blast radius of potential crashes.
5. Maintain robust incident response plans to quickly recover AI inference services in case of denial of service.
6. Coordinate with AI model providers and infrastructure teams to ensure compatibility and security of multimodal model inputs.
7. Regularly audit and update AI serving infrastructure to keep pace with security patches and best practices.
8. Consider network-level protections such as rate limiting and filtering to reduce exposure to malicious input submissions.
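The application-layer shape check from recommendation 2, as an added example that is not vLLM's own code: it derives the full shape of a nested-list embedding payload and rejects anything whose hidden dimension, ndim, or token count does not match the model contract, which is exactly the "correct ndim, wrong shape" case the advisory describes. The expected `hidden_size` and the `max_tokens` bound are assumed to come from the deployment's model configuration.

```python
from collections.abc import Sequence
from typing import Any

# Constructed example: pre-validate a multimodal embedding payload before it
# reaches the inference engine. Checking ndim alone is not enough; every
# axis the model fixes must be compared against the expected value.


class EmbeddingShapeError(ValueError):
    """Raised when an embedding payload does not match the model contract."""


def infer_shape(data: Any) -> tuple[int, ...]:
    """Return the shape of a nested-list tensor, rejecting ragged nesting."""
    if not isinstance(data, Sequence) or isinstance(data, (str, bytes)):
        return ()  # scalar leaf
    if len(data) == 0:
        raise EmbeddingShapeError("empty axis in embedding payload")
    first = infer_shape(data[0])
    for item in data[1:]:
        if infer_shape(item) != first:
            raise EmbeddingShapeError("ragged embedding payload")
    return (len(data),) + first


def validate_embeddings(data: Any, hidden_size: int, max_tokens: int) -> tuple[int, int]:
    """Accept only a 2-D [num_tokens, hidden_size] payload and return its shape.

    hidden_size is the model's embedding width (assumed known from the model
    config); max_tokens bounds how many embedded tokens one request may carry.
    """
    shape = infer_shape(data)
    if len(shape) != 2:
        raise EmbeddingShapeError(f"expected ndim 2, got {len(shape)}")
    num_tokens, width = shape
    if width != hidden_size:
        # The advisory's case: ndim is right but the hidden dimension is wrong.
        raise EmbeddingShapeError(f"hidden dim {width} != expected {hidden_size}")
    if not 0 < num_tokens <= max_tokens:
        raise EmbeddingShapeError(f"token count {num_tokens} outside 1..{max_tokens}")
    return num_tokens, width


def is_valid_embedding(data: Any, hidden_size: int, max_tokens: int = 4096) -> bool:
    """Accept/reject wrapper for request filters that only need a boolean."""
    try:
        validate_embeddings(data, hidden_size, max_tokens)
        return True
    except EmbeddingShapeError:
        return False
```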


Technical Details

Data Version
5.2
Assigner Short Name
GitHub_M
Date Reserved
2025-10-10T14:22:48.204Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 691fc3ff70da09562fa7fc94

Added to database: 11/21/2025, 1:44:31 AM

Last enriched: 11/28/2025, 4:41:37 AM

Last updated: 1/8/2026, 5:22:35 PM

Views: 160
