vLLM · vLLM · CVE-2025-48943
**Name of the Vulnerable Software and Affected Versions**
vLLM versions 0.8.0 through 0.8.x
**Description**
The issue is a denial of service (ReDoS): the vLLM server crashes if an invalid regex is provided while using structured output. It is similar to a previously identified issue, but it is triggered by a regex instead of a JSON schema.
**Recommendations**
For versions 0.8.0 through 0.8.x, update to version 0.9.0 to resolve the issue. As a temporary workaround, consider restricting the use of structured output with regex to minimize the risk of exploitation.
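One way to apply the temporary workaround is to screen request bodies in a gateway placed in front of the server. The sketch below is an added example, not vLLM code. It assumes the regex constraint arrives in the `guided_regex` field of a JSON request body, which should be checked against the deployed API. The function name and the approved patterns are constructed for illustration.

```python
import json

# Assumption: the regex constraint is carried in this JSON field.
REGEX_FIELD = "guided_regex"

# Constructed allowlist: patterns the operator has already tested against the
# deployed vLLM version. Any other pattern is refused before reaching the server.
APPROVED_PATTERNS = frozenset({
    r"\d{4}-\d{2}-\d{2}",
    r"(yes|no)",
})


def screen_request(raw_body, approved=APPROVED_PATTERNS):
    """Return (allowed, reason) for one request body (hypothetical helper)."""
    try:
        body = json.loads(raw_body)
    except ValueError:  # also covers JSONDecodeError and UnicodeDecodeError
        return False, "body is not valid JSON"
    if not isinstance(body, dict):
        return False, "body is not a JSON object"
    pattern = body.get(REGEX_FIELD)
    if pattern is None:
        return True, "no regex constraint"
    if not isinstance(pattern, str):
        return False, "regex constraint is not a string"
    # Exact-match allowlisting avoids guessing which patterns the structured
    # output backend will accept: compiling with Python's re module would not
    # prove that, because the backend's regex dialect may differ.
    if pattern not in approved:
        return False, "regex constraint is not on the approved list"
    return True, "approved regex constraint"


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        b'{"model": "m", "prompt": "hello"}',
        json.dumps({"prompt": "date?", REGEX_FIELD: r"\d{4}-\d{2}-\d{2}"}).encode(),
        b'{"prompt": "x", "guided_regex": "[a-z]+"}',
    ]
    for raw in samples:
        print(screen_request(raw))
```

Forward the parsed and re-serialised object rather than the raw bytes, so the server receives exactly what was screened, and log refusals with the caller's identity to spot repeated attempts.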