CVE-2025-48943

vLLM is an inference and serving engine for large language models (LLMs). Version 0.8.0 up to but excluding 0.9.0 have a Denial of Service (ReDoS) that causes the vLLM server to crash if an invalid regex was provided while using structured output. This vulnerability is similar to GHSA-6qc9-v4r8-22xg/CVE-2025-48942, but for regex instead of a JSON schema. Version 0.9.0 fixes the issue.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/vllm-project/vllm/commit/08bf7840780980c7568c573c70a6a8db94fd45ff	Patch
https://github.com/vllm-project/vllm/issues/17313	Issue Tracking
https://github.com/vllm-project/vllm/pull/17623	Issue Tracking Patch
https://github.com/vllm-project/vllm/security/advisories/GHSA-9hcf-v7m4-6m2j	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*

History

24 Jun 2025, 17:40

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-30 19:15

Updated : 2025-06-24 17:40

NVD link : CVE-2025-48943

Mitre link : CVE-2025-48943

CVE.ORG link : CVE-2025-48943

JSON object : View

Products Affected

vllm

vllm

CWE

CWE-248

Uncaught Exception

{"id": "CVE-2025-48943", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-05-30T19:15:30.280", "references": [{"url": "https://github.com/vllm-project/vllm/commit/08bf7840780980c7568c573c70a6a8db94fd45ff", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/vllm-project/vllm/issues/17313", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/vllm-project/vllm/pull/17623", "tags": ["Issue Tracking", "Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-9hcf-v7m4-6m2j", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-248"}]}], "descriptions": [{"lang": "en", "value": "vLLM is an inference and serving engine for large language models (LLMs). Version 0.8.0 up to but excluding 0.9.0 have a Denial of Service (ReDoS) that causes the vLLM server to crash if an invalid regex was provided while using structured output. This vulnerability is similar to GHSA-6qc9-v4r8-22xg/CVE-2025-48942, but for regex instead of a JSON schema. Version 0.9.0 fixes the issue."}, {"lang": "es", "value": "vLLM es un motor de inferencia y servicio para modelos de lenguaje grandes (LLM). Las versiones 0.8.0 y 0.9.0, excepto esta, presentan una vulnerabilidad de denegaci\u00f3n de servicio (ReDoS) que provoca el bloqueo del servidor vLLM si se proporciona una expresi\u00f3n regular no v\u00e1lida al usar la salida estructurada. Esta vulnerabilidad es similar a GHSA-6qc9-v4r8-22xg/CVE-2025-48942, pero para expresiones regulares en lugar de un esquema JSON. La versi\u00f3n 0.9.0 corrige el problema."}], "lastModified": "2025-06-24T17:40:52.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E26EB9F-426B-4A73-B8CA-2D9F3727AF2C", "versionEndExcluding": "0.9.0", "versionStartIncluding": "0.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}