Connection Desynchronization in Google Cloud's AI Models
CVE-2025-11915

6.9 MEDIUM

What is CVE-2025-11915?

A connection desynchronization issue has been identified between the HTTP proxy and the model backend of Google Cloud's AI systems. This vulnerability could potentially allow for unexpected behavior in communications between network components and service models. Fortunately, Google Cloud has implemented fixes for all affected proxies as of September 28, 2025, ensuring that users of Vertex AI do not need to take any further action to protect their systems.

Affected Version(s)

Product | Documentation | Affected versions
Vertex AI: Open Models for MaaS | https://cloud.google.com/vertex-ai/generative-ai/docs/maas/use-open-models | 0 < 2025-09-28
Vertex AI: Partner Models for MaaS | https://cloud.google.com/vertex-ai/generative-ai/docs/partner-models/use-partner-models | 0 < 2025-09-26
Vertex AI: Self-Deployed Models | https://cloud.google.com/vertex-ai/generative-ai/docs/model-garden/self-deployed-models | 0 < 2025-09-28

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
