CVE-2025-11915

Vulnerability Description

Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action.

Related Weaknesses (CWE)

CWE-444

References

https://cloud.google.com/vertex-ai/generative-ai/docs/security-bulletins#gcp-202

FAQ

What is CVE-2025-11915?

CVE-2025-11915 is a documented vulnerability. Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action.

How severe is CVE-2025-11915?

CVSS scoring is not yet available for CVE-2025-11915. Check NVD for updates.

Is there a patch for CVE-2025-11915?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.