PT-2025-23226 · Vllm · Vllm
Derekhiggins · Published 2025-04-27 · Updated 2025-06-24 · CVE-2025-48942
CVSS v2.0: 6.8 (Medium), Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: vLLM versions 0.8.0 through 0.9.0

Description: The issue arises when the /v1/completions API endpoint is hit with an invalid JSON schema as a guided parameter, causing the vLLM server to crash. This is similar to a previously known issue involving a regex rather than a JSON schema. The problem is triggered by an invalid JSON schema in the guided_json parameter of the API call. For example, using {"properties":{"reason":{"type": "stsring"}}} as the guided_json value will provoke an error. The estimated number of potentially affected devices is not provided.

Technical details about exploitation include:
  • API Endpoint: /v1/completions
  • Vulnerable Parameter: guided_json
  • The error occurs because the JSON schema provided in the guided_json parameter is invalid, specifically due to a typo in the type definition ("stsring" instead of "string").

Recommendations: For versions 0.8.0 through 0.9.0, update to version 0.9.0 or later to fix the issue. As a temporary workaround, validate the JSON schema in the guided_json parameter before passing it to the /v1/completions API endpoint so that the server is not crashed by malformed input. Restrict access to the /v1/completions API endpoint until the update can be applied.
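The workaround above, as an added example that is not vLLM's own code: a dependency-free pre-check that a gateway or client could run on the guided_json field of a /v1/completions request before forwarding it, rejecting schemas whose "type" names are not JSON Schema primitives (the "stsring" case from the advisory). It assumes the request body is JSON text and that guided_json is a dict or a JSON-encoded string; a full meta-schema validator (for example the jsonschema package) would be the stricter choice where a dependency is acceptable.

```python
import json

# JSON Schema primitive type names; anything else (e.g. "stsring") is invalid.
VALID_TYPES = {"string", "number", "integer", "boolean", "object", "array", "null"}
# Keywords whose values are a schema, a list of schemas, or a map of schemas.
ONE = ("items", "additionalProperties", "not")
MANY = ("anyOf", "oneOf", "allOf", "prefixItems")
MAPPED = ("properties", "patternProperties", "$defs", "definitions")

def schema_errors(schema, path="$"):
    """List errors for unknown 'type' names anywhere in a schema (subset of a meta-schema check)."""
    if isinstance(schema, bool):  # `true` / `false` are valid schemas
        return []
    if not isinstance(schema, dict):
        return [f"{path}: schema must be an object or boolean"]
    errors = []
    declared = schema.get("type")
    if declared is not None:
        for name in declared if isinstance(declared, list) else [declared]:
            if not isinstance(name, str) or name not in VALID_TYPES:
                errors.append(f"{path}.type: unknown type {name!r}")
    for key in ONE:
        if key in schema:
            errors += schema_errors(schema[key], f"{path}.{key}")
    for key in MANY:
        for i, sub in enumerate(schema.get(key, [])):
            errors += schema_errors(sub, f"{path}.{key}[{i}]")
    for key in MAPPED:
        for name, sub in schema.get(key, {}).items():
            errors += schema_errors(sub, f"{path}.{key}.{name}")
    return errors

def check_completion_request(body):
    """Pre-check guided_json in a /v1/completions body; returns (ok, errors), 400 the request if not ok."""
    guided = json.loads(body).get("guided_json")
    if guided is None:
        return True, []
    if isinstance(guided, str):  # the schema may also arrive as a JSON-encoded string
        try:
            guided = json.loads(guided)
        except json.JSONDecodeError as exc:
            return False, [f"guided_json is not valid JSON: {exc.msg}"]
    errors = schema_errors(guided)
    return not errors, errors

# Constructed sample requests; BAD uses the exact schema quoted in the advisory.
BAD = '{"model": "m", "prompt": "hi", "guided_json": {"properties": {"reason": {"type": "stsring"}}}}'
GOOD = '{"model": "m", "prompt": "hi", "guided_json": {"properties": {"reason": {"type": "string"}}}}'
```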

Tags: Exploit · Fix · DoS

Related Identifiers

BDU:2025-11321
CVE-2025-48942
GHSA-6QC9-V4R8-22XG
PYSEC-2025-54

Affected Products

Vllm