CVE-2025-6920

EPSS 0.05%
Veröffentlicht 01.07.2025 13:16:17
Zuletzt bearbeitet 18.08.2025 19:07:43
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in the authentication enforcement mechanism of a model inference API in ai-inference-server. All /v1/* endpoints are expected to enforce API key validation. However, the POST /invocations endpoint failed to do so, resulting in an authentication bypass. This vulnerability allows unauthorized users to access the same inference features available on protected endpoints, potentially exposing sensitive functionality or allowing unintended access to backend resources.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Ai Inference Server Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.162

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://access.redhat.com/security/cve/CVE-2025-6920

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2375522

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-6920

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-6920

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-6920

EUVD