← Back

CVE-2025-48944

nvd nist
Published: May 30, 2025Modified: Jun 17, 2026

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: security-advisories@github.com (Secondary)

Description

vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and "type" fields when the tools functionality is invoked. These inputs are not validated before being compiled or parsed, causing a crash of the inference worker with a single request. The worker will remain down until it is restarted. Version 0.9.0 fixes the issue.

Affected (1)

Products: Vllm: Vllm
1 product
Vllm
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
From 0.8.0 to 0.9.0

References (2)

Source: security-advisories@github.com
Issue TrackingVendor Advisory
Source: security-advisories@github.com
ExploitVendor Advisory

Timeline

No history available yet.