Unrated severityNVD Advisory· Published Jul 1, 2025· Updated Nov 20, 2025

Ai-inference-server: authentication bypass via unprotected inference endpoint in api

CVE-2025-6920

Description

A flaw was found in the authentication enforcement mechanism of a model inference API in ai-inference-server. All /v1/* endpoints are expected to enforce API key validation. However, the POST /invocations endpoint failed to do so, resulting in an authentication bypass. This vulnerability allows unauthorized users to access the same inference features available on protected endpoints, potentially exposing sensitive functionality or allowing unintended access to backend resources.

Affected products

Red Hat/Red Hat AI Inference Serverv5
cpe:/a:redhat:ai_inference_server:3
ai-inference-server/ai-inference-serverllm-create

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/security/cve/CVE-2025-6920mitrevdb-entryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000