Medium severity 5.3 · NVD Advisory · Published Jul 1, 2025 · Updated Jun 17, 2026
CVE-2025-6920
Description
A flaw was found in the authentication enforcement mechanism of a model inference API in ai-inference-server. All /v1/* endpoints are expected to enforce API key validation. However, the POST /invocations endpoint failed to do so, resulting in an authentication bypass. This vulnerability allows unauthorized users to access the same inference features available on protected endpoints, potentially exposing sensitive functionality or allowing unintended access to backend resources.
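The check below is an added example, not code from Red Hat AI Inference Server or from this advisory: a route audit that lists every non-public endpoint answering a request with no API key, run against two constructed gates. The route list beyond `/v1/*` and `/invocations`, the key value, and the prefix-based gate are assumptions; the advisory does not describe how the server's enforcement is implemented.

```python
import hmac

API_KEY = "constructed-test-key"   # constructed value for this example

# Constructed route table: the endpoint named in the advisory plus sample /v1 routes.
ROUTES = [
    ("POST", "/v1/completions"),
    ("POST", "/v1/chat/completions"),
    ("GET", "/v1/models"),
    ("POST", "/invocations"),
    ("GET", "/health"),
]
PUBLIC = {("GET", "/health")}      # routes intentionally left open


def key_ok(headers):
    """Constant-time check of 'Authorization: Bearer <key>'."""
    supplied = headers.get("Authorization", "").encode()
    return hmac.compare_digest(supplied, ("Bearer " + API_KEY).encode())


def prefix_gate(method, path, headers):
    """Assumed flawed pattern: the key is checked only for paths under /v1/."""
    if path.startswith("/v1/") and not key_ok(headers):
        return 401
    return 200


def default_deny_gate(method, path, headers):
    """Hardened pattern: every route needs the key unless explicitly public."""
    if (method, path) not in PUBLIC and not key_ok(headers):
        return 401
    return 200


def unauthenticated_routes(gate):
    """Return non-public routes that accept a request carrying no API key."""
    return [(m, p) for m, p in ROUTES
            if (m, p) not in PUBLIC and gate(m, p, {}) != 401]


if __name__ == "__main__":
    print("prefix gate:", unauthenticated_routes(prefix_gate))
    print("default-deny gate:", unauthenticated_routes(default_deny_gate))
```

Run as a regression test over the deployed route table, the same audit fails the build whenever a newly added endpoint falls outside the authenticated set.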
Affected products
- Red Hat / Red Hat AI Inference Server · v5 · cpe:/a:redhat:ai_inference_server:3
References
- access.redhat.com/security/cve/CVE-2025-6920 (NVD; Vendor Advisory)
- bugzilla.redhat.com/show_bug.cgi (NVD; Issue Tracking, Vendor Advisory)