AVID-2026-R1658
Description
Vulnerability CVE-2025-22892
Details
Uncontrolled resource consumption for some OpenVINO™ model server software maintained by Intel(R) before version 2024.4 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
Reason for inclusion in AVID: The CVE describes an uncontrolled resource consumption (DoS) vulnerability in OpenVINO model server software, a software component used to deploy and serve AI models. This directly affects AI inference pipelines and deployment stacks. It is a software issue in a component (model serving/runtime) used to build/run general-purpose AI systems, not hardware/firmware-only. The vulnerability is security-focused (denial of service) with explicit CVSS details. The available description and references provide sufficient signal to classify this as an AI software supply chain vulnerability.
References
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | OpenVINO™ model server software maintained by Intel(R) |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Metric | Value |
|---|---|
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Base Score | 6.5 |
| Base Severity | 🟠 Medium |
| Attack Vector | ADJACENT_NETWORK |
| Attack Complexity | 🟢 Low |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-400 | Uncontrolled Resource Consumption |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2025-05-13
- Version: 0.3.3