cvelistv5 - cve-2025-59425

CVE-2025-59425 (GCVE-0-2025-59425)

Vulnerability from cvelistv5

Published

2025-10-07 14:06

Modified

2025-10-07 15:28

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-385 - Covert Timing Channel

Summary

vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided API key gets correct. Data analysis across many attempts could allow an attacker to determine when it finds the next correct character in the key sequence. Deployments relying on vLLM's built-in API key validation are vulnerable to authentication bypass using this technique. Version 0.11.0rc2 fixes the issue.

References

URL

	Vendor	Product	Version
	vllm-project	vllm	Version: < 0.11.0rc2

ghsa-wr9h-g72x-mwhm

Vulnerability from github

Published

2025-10-07 17:24

Modified

2025-10-07 17:24

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

vLLM is vulnerable to timing attack at bearer auth

Details

Summary

The API key support in vLLM performed validation using a method that was vulnerable to a timing attack. This could potentially allow an attacker to discover a valid API key using an approach more efficient than brute force.

Details

https://github.com/vllm-project/vllm/blob/4b946d693e0af15740e9ca9c0e059d5f333b1083/vllm/entrypoints/openai/api_server.py#L1270-L1274

API key validation used a string comparison that will take longer the more characters the provided API key gets correct. Data analysis across many attempts can allow an attacker to determine when it finds the next correct character in the key sequence.

Impact

Deployments relying on vLLM's built-in API key validation are vulnerable to authentication bypass using this technique.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "vllm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.11.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-59425"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-385"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-07T17:24:47Z",
    "nvd_published_at": "2025-10-07T14:15:38Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nThe API key support in vLLM performed validation using a method that was vulnerable to a timing attack. This could potentially allow an attacker to discover a valid API key using an approach more efficient than brute force.\n\n### Details\nhttps://github.com/vllm-project/vllm/blob/4b946d693e0af15740e9ca9c0e059d5f333b1083/vllm/entrypoints/openai/api_server.py#L1270-L1274\n\nAPI key validation used a string comparison that will take longer the more characters the provided API key gets correct. Data analysis across many attempts can allow an attacker to determine when it finds the next correct character in the key sequence.\n \n### Impact\nDeployments relying on vLLM\u0027s built-in API key validation are vulnerable to authentication bypass using this technique.",
  "id": "GHSA-wr9h-g72x-mwhm",
  "modified": "2025-10-07T17:24:47Z",
  "published": "2025-10-07T17:24:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-wr9h-g72x-mwhm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59425"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/commit/ee10d7e6ff5875386c7f136ce8b5f525c8fcef48"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vllm-project/vllm"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/blob/4b946d693e0af15740e9ca9c0e059d5f333b1083/vllm/entrypoints/openai/api_server.py#L1270-L1274"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/releases/tag/v0.11.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "vLLM is vulnerable to timing attack at bearer auth"
}

CERTFR-2025-AVI-0967

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu Platform	File Integrity Monitoring pour VMware Tanzu Platform versions antérieures à 2.1.49
VMware	Tanzu Platform	Cloud Service Broker pour Azure pour VMware Tanzu Platform versions antérieures à 1.13.1
VMware	Tanzu Platform	AI Services pour VMware Tanzu Platform versions antérieures à 10.3.0
VMware	Tanzu Platform	Scheduler pour VMware Tanzu Platform versions antérieures à 2.0.21
VMware	Tanzu Platform	Foundation Core pour VMware Tanzu Platform versions antérieures à 3.1.4
VMware	Tanzu Platform	Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.2.4+LTS-T
VMware	Tanzu Platform	Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 6.0.21+LTS-T
VMware	Tanzu Platform	.NET Core Buildpack versions antérieures à 2.4.64
VMware	Tanzu Platform	VMware Tanzu Data Flow sur Tanzu Platform versions antérieures à 2.0.0
VMware	Tanzu Platform	Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.2.4
VMware	Tanzu Platform	CredHub Secrets Management pour VMware Tanzu Platform versions antérieures à 1.6.7
VMware	Tanzu Platform	Extended App Support pour Tanzu Platform versions antérieures à 1.0.8
VMware	Tanzu Platform	Go Buildpack versions antérieures à 1.10.57
VMware	Tanzu Platform	VMware Tanzu RabbitMQ sur Tanzu Platform versions antérieures à 10.1.0
VMware	Tanzu Platform	NodeJS Buildpack versions antérieures à 1.8.61
VMware	Tanzu Platform	Foundation Core pour VMware Tanzu Platform versions antérieures à 3.2.0
VMware	Tanzu Platform	Application Services pour VMware Tanzu Platform versions antérieures à 3.3.11
VMware	Tanzu Platform	IPsec Encryption pour VMware Tanzu Platform versions antérieures à 1.9.68

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 36323	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36343	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2025-99	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36305	2025-11-04	vendor-advisory
Bulletin de sécurité VMware 36345	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2025-53	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2025-81	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2024-41	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36334	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36335	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36340	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36319	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36339	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36322	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36321	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2025-68	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36336	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36318	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36337	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36346	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2025-81	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36317	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36344	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36341	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36314	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2024-41	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36332	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36304	2025-11-04	vendor-advisory
Bulletin de sécurité VMware 36342	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36333	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2025-99	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36338	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2025-53	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2025-68	2025-11-05	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "File Integrity Monitoring pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.1.49",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Service Broker pour Azure pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.13.1",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "AI Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.0",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Scheduler pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.0.21",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.1.4",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4+LTS-T",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.21+LTS-T",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": ".NET Core Buildpack versions ant\u00e9rieures \u00e0 2.4.64",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Tanzu Data Flow sur Tanzu Platform versions ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "CredHub Secrets Management pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.6.7",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Extended App Support pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.8",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Go Buildpack versions ant\u00e9rieures \u00e0 1.10.57",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Tanzu RabbitMQ sur Tanzu Platform versions ant\u00e9rieures \u00e0 10.1.0",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.61",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.2.0",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Application Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.3.11",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "IPsec Encryption pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.9.68",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2022-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
    },
    {
      "name": "CVE-2025-8715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
    },
    {
      "name": "CVE-2025-30681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
    },
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2024-20919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
    },
    {
      "name": "CVE-2022-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
    },
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2023-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
    },
    {
      "name": "CVE-2020-14621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2025-59830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
    },
    {
      "name": "CVE-2023-21843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
    },
    {
      "name": "CVE-2024-36138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
    },
    {
      "name": "CVE-2020-2803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
    },
    {
      "name": "CVE-2024-21235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
    },
    {
      "name": "CVE-2025-30689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
    },
    {
      "name": "CVE-2024-11168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
    },
    {
      "name": "CVE-2025-9231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
    },
    {
      "name": "CVE-2022-21426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
    },
    {
      "name": "CVE-2024-22020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
    },
    {
      "name": "CVE-2025-30715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
    },
    {
      "name": "CVE-2025-30682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
    },
    {
      "name": "CVE-2021-35586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
    },
    {
      "name": "CVE-2025-25186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
    },
    {
      "name": "CVE-2025-50102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
    },
    {
      "name": "CVE-2025-55248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
    },
    {
      "name": "CVE-2024-21144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
    },
    {
      "name": "CVE-2021-35550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
    },
    {
      "name": "CVE-2025-22872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
    },
    {
      "name": "CVE-2021-35567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
    },
    {
      "name": "CVE-2020-14579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
    },
    {
      "name": "CVE-2025-50100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
    },
    {
      "name": "CVE-2023-21954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2024-20926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
    },
    {
      "name": "CVE-2025-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
    },
    {
      "name": "CVE-2021-2163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
    },
    {
      "name": "CVE-2024-21890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
    },
    {
      "name": "CVE-2024-21896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
    },
    {
      "name": "CVE-2025-47907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
    },
    {
      "name": "CVE-2025-40026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
    },
    {
      "name": "CVE-2022-1292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
    },
    {
      "name": "CVE-2024-21068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
    },
    {
      "name": "CVE-2024-7409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7409"
    },
    {
      "name": "CVE-2025-30703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
    },
    {
      "name": "CVE-2023-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
    },
    {
      "name": "CVE-2021-2161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
    },
    {
      "name": "CVE-2025-6069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
    },
    {
      "name": "CVE-2021-2341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
    },
    {
      "name": "CVE-2024-6232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
    },
    {
      "name": "CVE-2025-50080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
    },
    {
      "name": "CVE-2024-6505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6505"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2020-14593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
    },
    {
      "name": "CVE-2025-50078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
    },
    {
      "name": "CVE-2020-14664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14664"
    },
    {
      "name": "CVE-2024-9287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2020-14797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2023-36632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
    },
    {
      "name": "CVE-2020-14798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2024-43484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43484"
    },
    {
      "name": "CVE-2025-24293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24293"
    },
    {
      "name": "CVE-2025-30696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
    },
    {
      "name": "CVE-2025-55752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
    },
    {
      "name": "CVE-2022-21299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
    },
    {
      "name": "CVE-2020-2773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
    },
    {
      "name": "CVE-2024-22025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
    },
    {
      "name": "CVE-2024-20921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
    },
    {
      "name": "CVE-2020-14578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
    },
    {
      "name": "CVE-2025-21584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
    },
    {
      "name": "CVE-2020-2805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
    },
    {
      "name": "CVE-2025-58767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2024-45341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
    },
    {
      "name": "CVE-2020-2830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
    },
    {
      "name": "CVE-2025-54798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54798"
    },
    {
      "name": "CVE-2022-21624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
    },
    {
      "name": "CVE-2020-2781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
    },
    {
      "name": "CVE-2022-21305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
    },
    {
      "name": "CVE-2020-14556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
    },
    {
      "name": "CVE-2025-50085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
    },
    {
      "name": "CVE-2020-14792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2025-41248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
    },
    {
      "name": "CVE-2024-3447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3447"
    },
    {
      "name": "CVE-2022-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
    },
    {
      "name": "CVE-2022-21271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21271"
    },
    {
      "name": "CVE-2025-61919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2025-0938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
    },
    {
      "name": "CVE-2025-27210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
    },
    {
      "name": "CVE-2025-61771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
    },
    {
      "name": "CVE-2025-61770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
    },
    {
      "name": "CVE-2023-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
    },
    {
      "name": "CVE-2022-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
    },
    {
      "name": "CVE-2025-50106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
    },
    {
      "name": "CVE-2023-46809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
    },
    {
      "name": "CVE-2024-21510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21510"
    },
    {
      "name": "CVE-2022-21626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
    },
    {
      "name": "CVE-2025-58057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
    },
    {
      "name": "CVE-2025-8291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
    },
    {
      "name": "CVE-2020-14781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
    },
    {
      "name": "CVE-2025-30683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
    },
    {
      "name": "CVE-2025-30699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
    },
    {
      "name": "CVE-2025-61921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61921"
    },
    {
      "name": "CVE-2025-22866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
    },
    {
      "name": "CVE-2025-30754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
    },
    {
      "name": "CVE-2024-38229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38229"
    },
    {
      "name": "CVE-2025-47910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
    },
    {
      "name": "CVE-2025-23167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23167"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2024-43483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43483"
    },
    {
      "name": "CVE-2025-50094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50094"
    },
    {
      "name": "CVE-2021-35559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2024-58266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58266"
    },
    {
      "name": "CVE-2025-50098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
    },
    {
      "name": "CVE-2022-21291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
    },
    {
      "name": "CVE-2025-50086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
    },
    {
      "name": "CVE-2022-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
    },
    {
      "name": "CVE-2023-38552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
    },
    {
      "name": "CVE-2021-35565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
    },
    {
      "name": "CVE-2025-47906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
    },
    {
      "name": "CVE-2025-58446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58446"
    },
    {
      "name": "CVE-2025-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
    },
    {
      "name": "CVE-2024-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3446"
    },
    {
      "name": "CVE-2025-50082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
    },
    {
      "name": "CVE-2025-40027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
    },
    {
      "name": "CVE-2025-50097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2025-50084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
    },
    {
      "name": "CVE-2025-50079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
    },
    {
      "name": "CVE-2025-1795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
    },
    {
      "name": "CVE-2021-35603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
    },
    {
      "name": "CVE-2023-22067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2025-55193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55193"
    },
    {
      "name": "CVE-2025-21574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
    },
    {
      "name": "CVE-2024-22019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
    },
    {
      "name": "CVE-2025-4674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
    },
    {
      "name": "CVE-2020-2754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
    },
    {
      "name": "CVE-2020-14796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
    },
    {
      "name": "CVE-2025-21580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
    },
    {
      "name": "CVE-2022-29526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
    },
    {
      "name": "CVE-2025-55754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
    },
    {
      "name": "CVE-2025-53023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
    },
    {
      "name": "CVE-2025-21575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2025-21577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
    },
    {
      "name": "CVE-2022-21628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
    },
    {
      "name": "CVE-2024-4467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4467"
    },
    {
      "name": "CVE-2024-21011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
    },
    {
      "name": "CVE-2024-45336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
    },
    {
      "name": "CVE-2021-2369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2024-27983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
    },
    {
      "name": "CVE-2025-23085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
    },
    {
      "name": "CVE-2024-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
    },
    {
      "name": "CVE-2024-5642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
    },
    {
      "name": "CVE-2025-59425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59425"
    },
    {
      "name": "CVE-2024-3219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
    },
    {
      "name": "CVE-2025-50096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
    },
    {
      "name": "CVE-2024-47554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
    },
    {
      "name": "CVE-2025-9232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
    },
    {
      "name": "CVE-2025-23165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
    },
    {
      "name": "CVE-2023-30584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30584"
    },
    {
      "name": "CVE-2025-61795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
    },
    {
      "name": "CVE-2025-30705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
    },
    {
      "name": "CVE-2025-8713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
    },
    {
      "name": "CVE-2025-21587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
    },
    {
      "name": "CVE-2025-50088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
    },
    {
      "name": "CVE-2024-21892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2024-21147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
    },
    {
      "name": "CVE-2024-27982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
    },
    {
      "name": "CVE-2020-14581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
    },
    {
      "name": "CVE-2024-37372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37372"
    },
    {
      "name": "CVE-2025-50077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
    },
    {
      "name": "CVE-2025-23083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
    },
    {
      "name": "CVE-2021-2388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
    },
    {
      "name": "CVE-2025-50092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
    },
    {
      "name": "CVE-2025-50099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
    },
    {
      "name": "CVE-2021-35588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
    },
    {
      "name": "CVE-2025-41244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
    },
    {
      "name": "CVE-2024-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
    },
    {
      "name": "CVE-2025-30684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
    },
    {
      "name": "CVE-2024-21094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
    },
    {
      "name": "CVE-2025-48989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
    },
    {
      "name": "CVE-2022-21365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
    },
    {
      "name": "CVE-2025-50093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
    },
    {
      "name": "CVE-2025-22874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
    },
    {
      "name": "CVE-2020-14782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
    },
    {
      "name": "CVE-2025-50059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
    },
    {
      "name": "CVE-2025-21579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2025-30761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
    },
    {
      "name": "CVE-2025-50087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
    },
    {
      "name": "CVE-2024-47535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2024-7592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2022-21434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
    },
    {
      "name": "CVE-2025-54410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
    },
    {
      "name": "CVE-2023-52970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52970"
    },
    {
      "name": "CVE-2022-3996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
    },
    {
      "name": "CVE-2025-52434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
    },
    {
      "name": "CVE-2022-21294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
    },
    {
      "name": "CVE-2025-30698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
    },
    {
      "name": "CVE-2020-2755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
    },
    {
      "name": "CVE-2025-8714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
    },
    {
      "name": "CVE-2024-43485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43485"
    },
    {
      "name": "CVE-2020-14779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
    },
    {
      "name": "CVE-2025-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
    },
    {
      "name": "CVE-2023-22045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
    },
    {
      "name": "CVE-2025-30721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
    },
    {
      "name": "CVE-2025-58056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
    },
    {
      "name": "CVE-2025-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
    },
    {
      "name": "CVE-2024-21138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
    },
    {
      "name": "CVE-2025-50091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
    },
    {
      "name": "CVE-2024-22018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
    },
    {
      "name": "CVE-2023-22049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
    },
    {
      "name": "CVE-2022-21341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
    },
    {
      "name": "CVE-2025-23166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
    },
    {
      "name": "CVE-2021-35578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
    },
    {
      "name": "CVE-2024-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
    },
    {
      "name": "CVE-2020-14583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
    },
    {
      "name": "CVE-2022-21340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
    },
    {
      "name": "CVE-2024-12254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
    },
    {
      "name": "CVE-2025-4516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2022-3358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
    },
    {
      "name": "CVE-2022-21293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
    },
    {
      "name": "CVE-2022-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
    },
    {
      "name": "CVE-2025-50104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
    },
    {
      "name": "CVE-2020-2800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
    },
    {
      "name": "CVE-2025-6242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6242"
    },
    {
      "name": "CVE-2025-61772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
    },
    {
      "name": "CVE-2025-30722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30722"
    },
    {
      "name": "CVE-2024-21145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
    },
    {
      "name": "CVE-2022-21282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
    },
    {
      "name": "CVE-2022-21349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
    },
    {
      "name": "CVE-2024-50602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
    },
    {
      "name": "CVE-2024-21891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2025-30687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2025-50101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
    },
    {
      "name": "CVE-2025-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
    },
    {
      "name": "CVE-2025-61748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
    },
    {
      "name": "CVE-2025-4207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
    },
    {
      "name": "CVE-2025-9230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2022-21248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2024-22017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
    },
    {
      "name": "CVE-2025-8916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
    },
    {
      "name": "CVE-2025-8885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
    },
    {
      "name": "CVE-2024-20918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
    },
    {
      "name": "CVE-2025-41249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
    },
    {
      "name": "CVE-2025-30704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
    },
    {
      "name": "CVE-2021-35564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
    },
    {
      "name": "CVE-2023-52969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52969"
    },
    {
      "name": "CVE-2025-46551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46551"
    },
    {
      "name": "CVE-2025-30693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
    },
    {
      "name": "CVE-2025-21585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
    },
    {
      "name": "CVE-2025-53506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
    },
    {
      "name": "CVE-2025-23084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
    },
    {
      "name": "CVE-2022-3602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
    },
    {
      "name": "CVE-2025-1094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
    },
    {
      "name": "CVE-2022-1434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
    },
    {
      "name": "CVE-2020-2757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
    },
    {
      "name": "CVE-2025-53864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
    },
    {
      "name": "CVE-2024-4032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
    },
    {
      "name": "CVE-2025-40025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40025"
    },
    {
      "name": "CVE-2025-61620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61620"
    },
    {
      "name": "CVE-2021-35556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
    },
    {
      "name": "CVE-2024-8244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8244"
    },
    {
      "name": "CVE-2024-21085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
    },
    {
      "name": "CVE-2025-21502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
    },
    {
      "name": "CVE-2023-39331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
    },
    {
      "name": "CVE-2025-55315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
    },
    {
      "name": "CVE-2021-35560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
    },
    {
      "name": "CVE-2025-21581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
    },
    {
      "name": "CVE-2024-20945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
    },
    {
      "name": "CVE-2025-58754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
    },
    {
      "name": "CVE-2024-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
    },
    {
      "name": "CVE-2025-41242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
    },
    {
      "name": "CVE-2024-21210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
    },
    {
      "name": "CVE-2025-53057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
    },
    {
      "name": "CVE-2023-39332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
    },
    {
      "name": "CVE-2020-2756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
    },
    {
      "name": "CVE-2024-27980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27980"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    },
    {
      "name": "CVE-2025-30685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
    },
    {
      "name": "CVE-2023-39333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39333"
    },
    {
      "name": "CVE-2022-21619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
    },
    {
      "name": "CVE-2025-30695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
    },
    {
      "name": "CVE-2025-30688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
    },
    {
      "name": "CVE-2023-5752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
    },
    {
      "name": "CVE-2025-61780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
    },
    {
      "name": "CVE-2021-35561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
    },
    {
      "name": "CVE-2022-21476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
    },
    {
      "name": "CVE-2025-53066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
    },
    {
      "name": "CVE-2024-21217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
    },
    {
      "name": "CVE-2023-6597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
    },
    {
      "name": "CVE-2024-20952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
    },
    {
      "name": "CVE-2022-21541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
    },
    {
      "name": "CVE-2025-27221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
    },
    {
      "name": "CVE-2022-21360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
    },
    {
      "name": "CVE-2022-21296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
    },
    {
      "name": "CVE-2022-21540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
    },
    {
      "name": "CVE-2025-50083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
    },
    {
      "name": "CVE-2024-21208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
    },
    {
      "name": "CVE-2024-36137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36137"
    },
    {
      "name": "CVE-2020-14577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
    },
    {
      "name": "CVE-2025-49014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
    },
    {
      "name": "CVE-2024-6923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
    },
    {
      "name": "CVE-2024-8088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
    }
  ],
  "initial_release_date": "2025-11-05T00:00:00",
  "last_revision_date": "2025-11-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0967",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36323",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36323"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36343",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36343"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-99",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36326"
    },
    {
      "published_at": "2025-11-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36305",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36305"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36345",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36345"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36329"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-81",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36316"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-41",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36331"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36334",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36334"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36335",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36335"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36340",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36340"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36319",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36319"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36339",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36339"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36322",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36322"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36321",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36321"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36324"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36336",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36336"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36318",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36318"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36337",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36337"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36346",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36346"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-81",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36315"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36317",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36317"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36344",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36344"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36341",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36341"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36314",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36314"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-41",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36330"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36332",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36332"
    },
    {
      "published_at": "2025-11-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36304",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36304"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36342",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36342"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36333",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36333"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-99",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36327"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36338",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36338"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36328"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36325"
    }
  ]
}

fkie_cve-2025-59425

Vulnerability from fkie_nvd

Published

2025-10-07 14:15

Modified

2025-10-16 18:02

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/vllm-project/vllm/blob/4b946d693e0af15740e9ca9c0e059d5f333b1083/vllm/entrypoints/openai/api_server.py#L1270-L1274	Product
security-advisories@github.com	https://github.com/vllm-project/vllm/commit/ee10d7e6ff5875386c7f136ce8b5f525c8fcef48	Patch
security-advisories@github.com	https://github.com/vllm-project/vllm/releases/tag/v0.11.0	Release Notes
security-advisories@github.com	https://github.com/vllm-project/vllm/security/advisories/GHSA-wr9h-g72x-mwhm	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	vllm	vllm	*
	vllm	vllm	0.11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A24E23-769D-4DB8-BF37-EEC71EE83630",
              "versionEndExcluding": "0.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vllm:vllm:0.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "46639D64-5C28-44F3-AE25-9212114AFC8E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided API key gets correct. Data analysis across many attempts could allow an attacker to determine when it finds the next correct character in the key sequence. Deployments relying on vLLM\u0027s built-in API key validation are vulnerable to authentication bypass using this technique. Version 0.11.0rc2 fixes the issue."
    }
  ],
  "id": "CVE-2025-59425",
  "lastModified": "2025-10-16T18:02:09.260",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-10-07T14:15:38.950",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/vllm-project/vllm/blob/4b946d693e0af15740e9ca9c0e059d5f333b1083/vllm/entrypoints/openai/api_server.py#L1270-L1274"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/vllm-project/vllm/commit/ee10d7e6ff5875386c7f136ce8b5f525c8fcef48"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/vllm-project/vllm/releases/tag/v0.11.0"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-wr9h-g72x-mwhm"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-385"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-59425 (GCVE-0-2025-59425)

Vulnerability from cvelistv5

ghsa-wr9h-g72x-mwhm

Vulnerability from github

Summary

Details

Impact

CERTFR-2025-AVI-0967

Vulnerability from certfr_avis

Solutions

fkie_cve-2025-59425

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature