Description
vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. Currently, it serializes PIL.Image.Image objects using only obj.tobytes(), which returns only the raw pixel data, without including metadata such as the image’s shape (width, height, mode). As a result, two images of different sizes (e.g., 30x100 and 100x30) with the same pixel byte sequence could generate the same hash value. This may lead to hash collisions, incorrect cache hits, and even data leakage or security risks. This issue has been patched in version 0.9.0.
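The collision described above can be reproduced without any network or model access, because it is purely a property of what bytes go into the hash. The following is an added example, not code from vLLM or from the patch in PR 17378: it uses a constructed stand-in for PIL.Image.Image (exposing only the `mode`, `size` and `tobytes()` members the hasher touches) and SHA-256 from the standard library instead of whatever digest vLLM uses, so it runs offline. It places the pre-0.9.0 behaviour (hash of `tobytes()` alone) next to an illustrative hardened form that binds the mode and dimensions into the hashed material; that hardened form is the editor's, not the project's fix.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class FakeImage:
    """Constructed stand-in for PIL.Image.Image.

    Only the three members the hashing code relies on are modelled:
    mode (e.g. "L" for 8-bit greyscale), size as (width, height) the way
    PIL reports it, and tobytes(), which returns the raw pixel buffer.
    """
    mode: str
    size: tuple
    data: bytes

    def tobytes(self) -> bytes:
        return self.data


def vulnerable_image_hash(img) -> str:
    # Behaviour described in the advisory for vLLM 0.7.0 <= v < 0.9.0:
    # only the raw pixel bytes are digested, so width, height and mode
    # never influence the hash value (sha256 is an assumption here).
    return hashlib.sha256(img.tobytes()).hexdigest()


def hardened_image_hash(img) -> str:
    # Illustrative hardening (not the project's patch): bind mode and
    # dimensions into the digest. Each field is length- or fixed-width
    # prefixed so that the concatenation cannot be re-split ambiguously.
    mode = img.mode.encode("ascii")
    width, height = img.size
    header = (
        len(mode).to_bytes(4, "big") + mode
        + width.to_bytes(4, "big")
        + height.to_bytes(4, "big")
    )
    return hashlib.sha256(header + img.tobytes()).hexdigest()


def make_pair():
    # Constructed test data: a 30x100 and a 100x30 greyscale image whose
    # 3000-byte pixel streams are identical (30*100 == 100*30 == 3000).
    pixels = bytes(range(256)) * 11 + bytes(range(184))  # 2816 + 184 = 3000 bytes
    assert len(pixels) == 30 * 100
    tall = FakeImage("L", (30, 100), pixels)
    wide = FakeImage("L", (100, 30), pixels)
    return tall, wide


def collision_demo() -> dict:
    """Return whether each hashing scheme maps the two images to one key.

    A True value under the vulnerable scheme is exactly the incorrect
    cache hit the advisory warns about: a lookup keyed on the 100x30
    image would be served whatever was cached for the 30x100 one.
    """
    tall, wide = make_pair()
    return {
        "vulnerable_collides": vulnerable_image_hash(tall) == vulnerable_image_hash(wide),
        "hardened_collides": hardened_image_hash(tall) == hardened_image_hash(wide),
    }


if __name__ == "__main__":
    print(collision_demo())
```

Running the block prints `{'vulnerable_collides': True, 'hardened_collides': False}`. The same reasoning applies to images that differ only in mode (for example an "L" image and an "RGB" image whose buffers happen to coincide), which is why the hardened form digests the mode string as well as the size.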
References (3)
Vendor Advisory (x_refsource_confirm): https://github.com/vllm-project/vllm/security/advisories/GHSA-c65p-x677-fgj6
Issue Tracking, Patch (x_refsource_misc): https://github.com/vllm-project/vllm/pull/17378
Scores
CVSS v3: 4.2
EPSS: 0.0023
EPSS Percentile: 45.8%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-1288, CWE-1023
Status: published
Products (2)
pypi/vllm: 0.7.0 - 0.9.0 (PyPI)
vllm/vllm: 0.7.0 - 0.9.0
Published: May 29, 2025
Tracked Since: Feb 18, 2026