vLLM, Data Integrity Vulnerability, CVE-2025-46722 (Medium)


How the CVE Works

CVE-2025-46722 affects vLLM, an LLM inference engine, in versions 0.7.0 up to but not including 0.9.0. The flaw is in vllm/multimodal/hasher.py: the `MultiModalHasher` class serializes a PIL image for hashing using only its raw pixel buffer (obj.tobytes()) and drops the image's metadata (width, height and mode). Two images with the same pixel byte sequence but different dimensions (e.g., 30×100 and 100×30) therefore produce the same hash. Because that hash is the key of the multimodal processor cache, the second image gets a false cache hit and is served the first image's preprocessed result, which yields incorrect model outputs and, where the cache is shared across requests, a potential data integrity and leakage issue. The fix, released in v0.9.0, includes the image metadata in the hash computation.

DailyCVE Form

Platform: vLLM
Version: 0.7.0 up to, but not including, 0.9.0
Vulnerability: Hash collision
Severity: Medium
Date: 06/24/2025

Patch status: fixed in v0.9.0

What Undercode Say

Example vulnerable code (pre-patch; illustrative of the hasher's image branch, not a verbatim copy):
    data = img.tobytes()   # raw pixel buffer only: width, height and mode are dropped
Patched version (illustrative; PIL images expose mode and size, not shape):
    data = img.mode.encode() + repr(img.size).encode() + img.tobytes()   # metadata bound into the hashed bytes
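The collision and its fix, worked through end to end as an added example (this is not vLLM's code and not the snippet above). It uses a small stand-in for PIL.Image.Image so it runs on the standard library alone; the stand-in's tobytes() returns the raw pixel buffer without width, height or mode, exactly the property the bug rests on. The hash function (SHA-256 here; vLLM's choice of digest is not what matters), the cache model and the sample images are all constructed for the demonstration. It also goes one step beyond the 30×100 / 100×30 case in the text: an "L" (grayscale) image whose buffer happens to be the same 9000 bytes collides too, because mode was dropped along with size.

```python
"""Added example (not vLLM's own code): shows why hashing only raw pixel
bytes collides across image shapes and modes, and how binding mode and size
into the hash removes the collision.

A small stand-in for PIL.Image.Image is used so this runs on the standard
library alone; its tobytes() returns the raw pixel buffer with no width,
height or mode. The hash function, cache model and sample images are
constructed here for the demonstration.
"""
from dataclasses import dataclass
import hashlib

BYTES_PER_PIXEL = {"L": 1, "RGB": 3, "RGBA": 4}


@dataclass(frozen=True)
class Image:
    """Stand-in for PIL.Image.Image using the same attribute names (assumption)."""
    mode: str
    size: tuple          # (width, height), as in Pillow
    pixels: bytes

    def __post_init__(self):
        w, h = self.size
        expected = w * h * BYTES_PER_PIXEL[self.mode]
        if len(self.pixels) != expected:
            raise ValueError(f"{self.mode} {w}x{h} needs {expected} bytes")

    def tobytes(self) -> bytes:
        return self.pixels


def vulnerable_hash(img: Image) -> str:
    """Pre-patch behaviour: only the pixel buffer goes into the digest."""
    return hashlib.sha256(img.tobytes()).hexdigest()


def patched_hash(img: Image) -> str:
    """Post-patch behaviour: mode and dimensions are bound into the digest.
    The header is unambiguous because mode and size fix the pixel length."""
    w, h = img.size
    header = f"{img.mode}:{w}x{h}:".encode()
    return hashlib.sha256(header + img.tobytes()).hexdigest()


def cache_lookup(cache: dict, hasher, img: Image, verify_metadata: bool = False):
    """Model of a multimodal processor cache keyed by the image hash.

    Returns (image_served, status). With verify_metadata=True, a hit whose
    cached mode/size differ from the request is reported as a detected
    collision and the request is served from its own data, which is the
    'validate image metadata separately' mitigation.
    """
    key = hasher(img)
    cached = cache.get(key)
    if cached is not None:
        if not verify_metadata or (cached.mode, cached.size) == (img.mode, img.size):
            return cached, "hit"
        cache[key] = img
        return img, "collision"
    cache[key] = img
    return img, "miss"


def demo() -> dict:
    # Constructed sample: 9000 pixel bytes shared by three differently shaped images.
    pixels = (bytes(range(256)) * 36)[:9000]
    tall = Image("RGB", (30, 100), pixels)   # 30x100 RGB
    wide = Image("RGB", (100, 30), pixels)   # 100x30 RGB, identical buffer
    gray = Image("L", (90, 100), pixels)     # 90x100 grayscale, identical buffer

    vuln_cache, fixed_cache, checked_cache = {}, {}, {}
    cache_lookup(vuln_cache, vulnerable_hash, tall)      # first request populates each cache
    cache_lookup(fixed_cache, patched_hash, tall)
    cache_lookup(checked_cache, vulnerable_hash, tall)

    served_vuln, status_vuln = cache_lookup(vuln_cache, vulnerable_hash, wide)
    served_fixed, status_fixed = cache_lookup(fixed_cache, patched_hash, wide)
    served_checked, status_checked = cache_lookup(
        checked_cache, vulnerable_hash, wide, verify_metadata=True)

    return {
        "shape_collision_vulnerable": vulnerable_hash(tall) == vulnerable_hash(wide),
        "mode_collision_vulnerable": vulnerable_hash(tall) == vulnerable_hash(gray),
        "shape_collision_patched": patched_hash(tall) == patched_hash(wide),
        "mode_collision_patched": patched_hash(tall) == patched_hash(gray),
        # the vulnerable cache answers the 100x30 request with the 30x100 entry
        "vulnerable_served_size": served_vuln.size,
        "vulnerable_status": status_vuln,
        "patched_served_size": served_fixed.size,
        "patched_status": status_fixed,
        "checked_served_size": served_checked.size,
        "checked_status": status_checked,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The metadata check in cache_lookup is the belt-and-braces control for deployments that cannot upgrade immediately: it does not prevent the key collision, but it stops a colliding entry from being served and gives a log signal ("collision") that cache integrity has been violated.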

How Exploit

  • Craft two images whose raw pixel bytes are identical but whose dimensions (or mode) differ, e.g., 30×100 and 100×30.
  • Submit the first so its preprocessed result is cached, then submit the second: the hasher derives the same key, so the cache returns the first image's result for the second request.
  • Anything downstream that trusts the cached result, including any check keyed on the image hash, now operates on the wrong image.

Protection from this CVE

  • Upgrade to v0.9.0 or later.
  • Validate image metadata (mode, width, height) separately from the hash, e.g., compare it with the cached entry on every hit.
  • Monitor cache integrity: a hash hit whose metadata disagrees with the request indicates a collision.

Impact

  • Data leakage risks.
  • Incorrect LLM outputs.
  • Cache manipulation.

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
