{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-48944", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-05-28T18:49:07.582Z", "datePublished": "2025-05-30T18:38:45.505Z", "dateUpdated": "2025-05-30T18:56:56.406Z"}, "containers": {"cna": {"title": "vLLM Tool Schema allows DoS via Malformed pattern and type Fields", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/vllm-project/vllm/security/advisories/GHSA-vrq3-r879-7m65", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-vrq3-r879-7m65"}, {"name": "https://github.com/vllm-project/vllm/pull/17623", "tags": ["x_refsource_MISC"], "url": "https://github.com/vllm-project/vllm/pull/17623"}], "affected": [{"vendor": "vllm-project", "product": "vllm", "versions": [{"version": ">= 0.8.0, < 0.9.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-30T18:38:45.505Z"}, "descriptions": [{"lang": "en", "value": "vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the \"pattern\" and \"type\" fields when the tools functionality is invoked. These inputs are not validated before being compiled or parsed, causing a crash of the inference worker with a single request. The worker will remain down until it is restarted. Version 0.9.0 fixes the issue."}], "source": {"advisory": "GHSA-vrq3-r879-7m65", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-30T18:56:49.162584Z", "id": "CVE-2025-48944", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-30T18:56:56.406Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-48944", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-30T18:56:49.162584Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-30T18:56:52.880Z"}}], "cna": {"title": "vLLM Tool Schema allows DoS via Malformed pattern and type Fields", "source": {"advisory": "GHSA-vrq3-r879-7m65", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "vllm-project", "product": "vllm", "versions": [{"status": "affected", "version": ">= 0.8.0, < 0.9.0"}]}], "references": [{"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-vrq3-r879-7m65", "name": "https://github.com/vllm-project/vllm/security/advisories/GHSA-vrq3-r879-7m65", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/vllm-project/vllm/pull/17623", "name": "https://github.com/vllm-project/vllm/pull/17623", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the \"pattern\" and \"type\" fields when the tools functionality is invoked. These inputs are not validated before being compiled or parsed, causing a crash of the inference worker with a single request. The worker will remain down until it is restarted. Version 0.9.0 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-30T18:38:45.505Z"}}}, "cveMetadata": {"cveId": "CVE-2025-48944", "state": "PUBLISHED", "dateUpdated": "2025-05-30T18:56:56.406Z", "dateReserved": "2025-05-28T18:49:07.582Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-05-30T18:38:45.505Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E26EB9F-426B-4A73-B8CA-2D9F3727AF2C", "versionEndExcluding": "0.9.0", "versionStartIncluding": "0.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the \"pattern\" and \"type\" fields when the tools functionality is invoked. These inputs are not validated before being compiled or parsed, causing a crash of the inference worker with a single request. The worker will remain down until it is restarted. Version 0.9.0 fixes the issue."}, {"lang": "es", "value": "vLLM es un motor de inferencia y servicio para modelos de lenguaje grandes (LLM). Desde la versi\u00f3n 0.8.0 hasta la 0.9.0 (excluyendo esta \u00faltima), el backend de vLLM utilizado con el endpoint de OpenAPI /v1/chat/completions no valida entradas inesperadas o incorrectas en los campos \"patr\u00f3n\" y \"tipo\" al invocar la funcionalidad de herramientas. Estas entradas no se validan antes de compilarse o analizarse, lo que provoca un bloqueo del trabajador de inferencia con una sola solicitud. El trabajador permanece inactivo hasta que se reinicia. La versi\u00f3n 0.9.0 corrige este problema."}], "id": "CVE-2025-48944", "lastModified": "2025-07-01T20:42:13.840", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-05-30T19:15:30.433", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://github.com/vllm-project/vllm/pull/17623"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-vrq3-r879-7m65"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "vllm: vLLM Tool Schema denial of service", "id": "2369480", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369480"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-20", "details": ["vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the \"pattern\" and \"type\" fields when the tools functionality is invoked. These inputs are not validated before being compiled or parsed, causing a crash of the inference worker with a single request. The worker will remain down until it is restarted. Version 0.9.0 fixes the issue.", "A denial of service flaw was found in vLLM. This flaw allows a remote attacker with access to /v1/chat/completions OpenAPI endpoint to submit malformed data in the \"pattern\" and \"type\" fields to crash the vLLM instance."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-48944", "package_state": [{"cpe": "cpe:/a:redhat:ai_inference_server:3", "fix_state": "Fix deferred", "package_name": "rhaiis/vllm-cuda-rhel9", "product_name": "Red Hat AI Inference Server"}, {"cpe": "cpe:/a:redhat:ai_inference_server:3", "fix_state": "Fix deferred", "package_name": "rhaiis/vllm-rocm-rhel9", "product_name": "Red Hat AI Inference Server"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-aws-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-azure-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-azure-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-gcp-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-intel-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/instructlab-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/instructlab-intel-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/instructlab-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/ui-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}], "public_date": "2025-05-30T18:38:45Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-48944\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-48944\nhttps://github.com/vllm-project/vllm/pull/17623\nhttps://github.com/vllm-project/vllm/security/advisories/GHSA-vrq3-r879-7m65"], "statement": "The severity of this vulnerability is rated Moderate, as it does not impact system availability. The effects are confined to the application layer, without compromising the underlying system stability.", "threat_severity": "Moderate"}