PT-2025-11696 · Vllm · Vllm

Russellb · Published 2025-03-19 · Updated 2025-07-31 · CVE-2025-29770

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: vLLM versions prior to 0.8.0
Description: The issue is in the outlines library, which vLLM uses for structured output. outlines has an optional cache for compiled grammars on the local filesystem, and vLLM enables it by default. Because every distinct schema adds a new entry to that cache, a malicious user can send many short decoding requests, each with a unique schema, so that the cache keeps growing and, if the filesystem runs out of space, causes a denial of service. The affected code is in vllm/model_executor/guided_decoding/outlines_logits_processors.py, which uses the outlines cache unconditionally. The issue applies only to the V0 engine.
Recommendations: For versions prior to 0.8.0, update to version 0.8.0, which resolves the issue. As a temporary workaround, disable use of the outlines library, or restrict which clients may set the guided_decoding_backend key in the extra_body field of a request, to minimize the risk of exploitation.
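The weakness behind this advisory is a cache with no upper bound: a request stream of unique schemas turns every request into a permanent new entry. The following is an added example, not vLLM's or outlines' code, that models the two behaviours side by side in Python: an unbounded grammar cache mirroring the default described above, and a bounded LRU cache with an entry cap and a byte budget, the kind of limit that closes CWE-770 style growth. All names (UnboundedGrammarCache, BoundedGrammarCache, compile_grammar, simulate) and the schema stream are constructed for illustration; compile_grammar is a stand-in that only imitates the size of a compiled grammar, not real compilation.

```python
"""Added example (not vLLM's or outlines' code): a compiled-grammar cache
keyed by JSON schema, in the unbounded form the advisory describes and in a
bounded LRU form. All names and inputs here are hypothetical/constructed."""
from __future__ import annotations

import hashlib
import json
from collections import OrderedDict
from typing import Callable, Iterator


def schema_key(schema: dict) -> str:
    """Stable cache key: sha256 of the canonical JSON encoding of the schema."""
    canonical = json.dumps(schema, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def compile_grammar(schema: dict) -> bytes:
    """Stand-in for grammar compilation (constructed): the returned blob's
    length imitates the on-disk footprint of a compiled grammar."""
    return json.dumps(schema, sort_keys=True).encode() * 64


class UnboundedGrammarCache:
    """Mirrors the behaviour in the advisory: every new schema adds an entry
    and nothing is ever evicted, so growth is controlled by the requester."""

    def __init__(self, compile_fn: Callable[[dict], bytes] = compile_grammar):
        self._compile = compile_fn
        self._entries: dict[str, bytes] = {}

    def get(self, schema: dict) -> bytes:
        key = schema_key(schema)
        if key not in self._entries:
            self._entries[key] = self._compile(schema)
        return self._entries[key]

    def entry_count(self) -> int:
        return len(self._entries)

    def byte_size(self) -> int:
        return sum(len(v) for v in self._entries.values())


class BoundedGrammarCache:
    """LRU cache with an entry cap and a byte budget: least recently used
    grammars are evicted, so a stream of unique schemas cannot grow it."""

    def __init__(self, max_entries: int, max_bytes: int,
                 compile_fn: Callable[[dict], bytes] = compile_grammar):
        self.max_entries = max_entries
        self.max_bytes = max_bytes
        self._compile = compile_fn
        self._entries: OrderedDict[str, bytes] = OrderedDict()
        self._bytes = 0
        self.evictions = 0

    def get(self, schema: dict) -> bytes:
        key = schema_key(schema)
        if key in self._entries:
            self._entries.move_to_end(key)  # mark as most recently used
            return self._entries[key]
        blob = self._compile(schema)
        if len(blob) > self.max_bytes:
            # Can never fit: serve it uncached instead of evicting everything.
            return blob
        self._entries[key] = blob
        self._bytes += len(blob)
        self._evict()
        return blob

    def _evict(self) -> None:
        while (len(self._entries) > self.max_entries
               or self._bytes > self.max_bytes):
            _, old = self._entries.popitem(last=False)  # oldest first
            self._bytes -= len(old)
            self.evictions += 1

    def entry_count(self) -> int:
        return len(self._entries)

    def byte_size(self) -> int:
        return self._bytes


def unique_schemas(n: int) -> Iterator[dict]:
    """Constructed request stream: n structurally distinct JSON schemas."""
    for i in range(n):
        yield {"type": "object",
               "properties": {f"field_{i}": {"type": "string"}},
               "required": [f"field_{i}"]}


def simulate(n: int, max_entries: int = 100, max_bytes: int = 1_000_000) -> dict:
    """Feed n unique schemas to both caches and report their final sizes."""
    unbounded = UnboundedGrammarCache()
    bounded = BoundedGrammarCache(max_entries, max_bytes)
    for schema in unique_schemas(n):
        unbounded.get(schema)
        bounded.get(schema)
    return {"unbounded_entries": unbounded.entry_count(),
            "unbounded_bytes": unbounded.byte_size(),
            "bounded_entries": bounded.entry_count(),
            "bounded_bytes": bounded.byte_size(),
            "evictions": bounded.evictions}


if __name__ == "__main__":
    print(simulate(5_000))
```

Running simulate(5_000) shows the unbounded cache holding all 5,000 entries (tens of megabytes in this model) while the bounded one stays at its 100-entry cap; lowering max_bytes makes the byte budget the binding limit instead. The same two numbers, entry count and bytes on disk for the cache directory, are also the metrics worth watching on a deployment that still relies on the outlines cache.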

Tags: Exploit · Fix · DoS

Weakness Enumeration: Allocation of Resources Without Limits

Related Identifiers: CVE-2025-29770, GHSA-MGRM-FGJV-MHV8, PYSEC-2025-223

Affected Products: Vllm