CVE-2025-48942

Description

vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8.0 up to but excluding 0.9.0, hitting the /v1/completions API with a invalid json_schema as a Guided Param kills the vllm server. This vulnerability is similar GHSA-9hcf-v7m4-6m2j/CVE-2025-48943, but for regex instead of a JSON schema. Version 0.9.0 fixes the issue.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

vllm-project / vllm>= 0.8.0, < 0.9.0 – >= 0.8.0, < 0.9.0

References

VENDOR_ADVISORYhttps://github.com/vllm-project/vllm/security/advisories/GHSA-6qc9-v4r8-22xg
MISChttps://github.com/vllm-project/vllm/issues/17248
PATCHhttps://github.com/vllm-project/vllm/pull/17623
PATCHhttps://github.com/vllm-project/vllm/commit/08bf7840780980c7568c573c70a6a8db94fd45ff