CVE-2025-48944

Medium CVSS: 6.5

vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and "type" fields when the tools functionality is invoked. These inputs are not validated before being compiled or parsed, causing a crash of the inference worker with a single request. The worker will remain down until it is restarted. Version 0.9.0 fixes the issue.

Vendor

Vllm

Product

Vllm

CWE

CWE-20

Yayın Tarihi

2025-05-30 19:15:30

Güncelleme

2025-07-01 20:42:13

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-20 Vllm MEDIUM Vllm 2025

Referanslar

https://github.com/vllm-project/vllm/pull/17623 https://github.com/vllm-project/vllm/security/advisories/GHSA-vrq3-r879-7m65

Benzer Kayıtlar

High

CVE-2026-27893

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to versio…

High

CVE-2026-25960

vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779 add…

Critical

CVE-2026-22778

vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid i…

High

CVE-2026-24779

vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request…

High

CVE-2026-22807

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to versio…

Medium

CVE-2026-22773

vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users…