CVE-2025-48944— vLLM Tool Schema allows DoS via Malformed pattern and type Fields
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-48944
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
vLLM Tool Schema allows DoS via Malformed pattern and type Fields
Source: NVD (National Vulnerability Database)
Vulnerability Description
vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and "type" fields when the tools functionality is invoked. These inputs are not validated before being compiled or parsed, causing a crash of the inference worker with a single request. The worker will remain down until it is restarted. Version 0.9.0 fixes the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
vLLM 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
vLLM是vLLM开源的一个适用于 LLM 的高吞吐量和内存高效推理和服务引擎。 vLLM 0.8.0至0.9.0之前版本存在输入验证错误漏洞,该漏洞源于调用工具功能时未验证pattern和type字段的意外或畸形输入,可能导致推理工作器崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| vllm-project | vllm | >= 0.8.0, < 0.9.0 | - |
II. Public POCs for CVE-2025-48944
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-48944
请登录查看更多情报信息。
Vendor Advisories for CVE-2025-48944 (1)
Same Patch Batch · vllm-project · 2025-05-30 · 4 CVEs total
| CVE-2025-48887 | 6.5 MEDIUM | vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerabil |
| CVE-2025-48942 | 6.5 MEDIUM | vLLM DOS: Remotely kill vllm over http with invalid JSON schema |
| CVE-2025-48943 | 6.5 MEDIUM | vLLM allows clients to crash the openai server with invalid regex |
IV. Related Vulnerabilities
Same product: vllm
- CVE-2026-44223
vLLM: extract_hidden_states speculative decoding crashes ser - CVE-2026-44222
vLLM: Remote DoS via Special-Token Placeholders - CVE-2026-7141
vllm KV Block kv_cache_interface.py has_mamba_layers uniniti - CVE-2026-34756
vLLM Affected by Unauthenticated OOM Denial of Service via U - CVE-2026-34755
vLLM Affected by Denial of Service via Unbounded Frame Count
Same vendor: vllm-project
- CVE-2026-44223
vLLM: extract_hidden_states speculative decoding crashes ser - CVE-2026-44222
vLLM: Remote DoS via Special-Token Placeholders - CVE-2026-34756
vLLM Affected by Unauthenticated OOM Denial of Service via U - CVE-2026-34755
vLLM Affected by Denial of Service via Unbounded Frame Count - CVE-2026-34753
vLLM affected by Server-Side Request Forgery (SSRF) in `down
Same weakness: CWE-20
- CVE-2026-26147
Azure Stack HCI Information Disclosure Vulnerability - CVE-2026-40411
Azure Virtual Network Gateway Remote Code Execution Vulnerab - CVE-2026-3294
Authentication Logic Vulnerability on Multiple TP-Link Range - CVE-2026-34207
TypeBot: SSRF Protection Bypass via DNS-Resolved Hostnames i - CVE-2026-44417
Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS
V. Comments for CVE-2025-48944
No comments yet