
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2025-46722 is a security vulnerability discovered in vLLM's MultiModalHasher class affecting versions 0.7.0 through 0.9.0. The vulnerability was disclosed on May 28, 2025, and affects the image hashing implementation in the vllm/multimodal/hasher.py file. The issue stems from improper serialization of PIL.Image.Image objects, where only raw pixel data is used without including critical metadata (GitHub Advisory).
The vulnerability exists in the MultiModalHasher.serialize_item method, where PIL.Image.Image objects are serialized using only obj.tobytes(). That call returns raw pixel data without any metadata such as image shape, dimensions, color mode, or format. As a result, two images of different sizes (e.g., 30x100 and 100x30) whose pixel byte sequences are identical produce identical hash values. The vulnerability has been assigned a CVSS v3.1 base score of 4.2 (Moderate) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L (GitHub Advisory).
The vulnerability can lead to hash collisions and therefore incorrect cache hits. Two images with different visual content but the same pixel byte sequence are treated as identical, so a cached result computed for one image can be returned for the other, potentially resulting in incorrect responses and data leakage. The issue also affects the video modality, where frames are serialized as numpy arrays in the same shape-agnostic way; audio processing remains unaffected because librosa automatically encodes audio as a single channel (GitHub Advisory).
The vulnerability has been patched in vLLM version 0.9.0. The fix involves modifying the serialize_item method to include all critical metadata in the hash calculation, including dimensions, color mode, format, and the info dictionary. This is particularly important for palette-based images where the palette is stored in the info dictionary (GitHub Advisory).
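The collision and the fix described above, shown as an added Python example that is not vLLM's own code. The FakeImage class is a constructed stand-in that exposes the attributes a PIL.Image.Image provides (mode, size, format, info, tobytes()), so the example runs without Pillow installed; the hardened serializer's exact field layout (length-prefixed fields, canonical JSON for the info dictionary) is an assumption for illustration, not the upstream patch. The example shows the same-pixels/different-shape pair from the advisory colliding under the pixel-only hash and separating once metadata is included, and the same for two palette images that differ only in the palette stored in info.

```python
"""Pixel-only image hashing versus metadata-aware hashing (CVE-2025-46722 style)."""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass, field


@dataclass
class FakeImage:
    """Constructed stand-in for PIL.Image.Image: only the attributes a hasher reads."""
    mode: str                      # e.g. "L", "RGB", "P"
    size: tuple[int, int]          # (width, height)
    pixels: bytes                  # what PIL's tobytes() would return
    format: str | None = None      # e.g. "PNG", or None for in-memory images
    info: dict = field(default_factory=dict)  # PIL metadata dict (palette, dpi, ...)

    def tobytes(self) -> bytes:
        return self.pixels


def vulnerable_hash(img) -> str:
    """Pre-0.9.0 behaviour as the advisory describes it: hash raw pixel bytes only.

    Shape, mode, format and info are all dropped, so any two images whose
    pixel buffers match collide regardless of their geometry or palette.
    """
    return hashlib.blake2b(img.tobytes(), digest_size=16).hexdigest()


def _json_default(value):
    # info may hold bytes (e.g. a palette); encode them unambiguously as hex.
    if isinstance(value, (bytes, bytearray)):
        return {"__bytes__": bytes(value).hex()}
    return repr(value)


def _fields(img) -> list[tuple[str, bytes]]:
    """All inputs that must contribute to the hash, each as a labelled byte string."""
    width, height = img.size
    info_json = json.dumps(img.info, sort_keys=True, default=_json_default)
    return [
        ("mode", img.mode.encode()),
        ("size", f"{width}x{height}".encode()),
        ("format", (img.format or "").encode()),
        ("info", info_json.encode()),
        ("data", img.tobytes()),
    ]


def hardened_hash(img) -> str:
    """Hash dimensions, mode, format, info and pixels together (assumed layout).

    Every field is length-prefixed so that the boundary between fields is
    unambiguous and no concatenation of one field can masquerade as another.
    """
    h = hashlib.blake2b(digest_size=16)
    for label, value in _fields(img):
        h.update(label.encode())
        h.update(len(value).to_bytes(4, "big"))
        h.update(value)
    return h.hexdigest()


def sample_shape_pair() -> tuple[FakeImage, FakeImage]:
    """Constructed 30x100 and 100x30 greyscale images sharing one pixel buffer."""
    pixels = bytes(i % 256 for i in range(3000))
    return FakeImage("L", (30, 100), pixels), FakeImage("L", (100, 30), pixels)


def sample_palette_pair() -> tuple[FakeImage, FakeImage]:
    """Constructed palette images: identical indices, different palettes in info."""
    indices = bytes([0, 1] * 8)
    red_then_blue = bytes([255, 0, 0, 0, 0, 255])
    blue_then_red = bytes([0, 0, 255, 255, 0, 0])
    return (
        FakeImage("P", (4, 4), indices, "PNG", {"palette": red_then_blue}),
        FakeImage("P", (4, 4), indices, "PNG", {"palette": blue_then_red}),
    )


if __name__ == "__main__":
    for name, (a, b) in (("shape", sample_shape_pair()), ("palette", sample_palette_pair())):
        print(f"{name}: pixel-only collides={vulnerable_hash(a) == vulnerable_hash(b)}, "
              f"metadata-aware collides={hardened_hash(a) == hardened_hash(b)}")
```

The detection side of this is the same comparison: if a cache key for multimodal inputs is derived from pixel bytes alone, any two inputs with equal buffers will map to one cache entry, so a key function must be reviewed for every attribute that changes how the bytes are interpreted, not just the bytes themselves.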
Source: This report was generated using AI