Home > Vulnerability Database > CVE-2025-48944

Mend.io Vulnerability Database

CVE-2025-48944

Good to know:

Date: May 30, 2025

vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and "type" fields when the tools functionality is invoked. These inputs are not validated before being compiled or parsed, causing a crash of the inference worker with a single request. The worker will remain down until it is restarted. Version 0.9.0 fixes the issue.

Severity Score

6.5

Related Resources (5)

Url: https://github.com/vllm-project/vllm/pull/17623

Url: https://github.com/vllm-project/vllm/security/advisories/GHSA-vrq3-r879-7m65

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-48944

Url: https://github.com/vllm-project/vllm

Url: https://www.mend.io/vulnerability-database/CVE-2025-48944

Severity Score

6.5

Weakness Type (CWE)

Improper Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version vllm - 0.9.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-48944

Good to know:

Date: May 30, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?