PT-2025-23227 · Vllm · Vllm

G-Eoj

Published 2025-05-28 · Updated 2025-06-24 · CVE-2025-48943

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

vLLM versions 0.8.0 through 0.8.x

Description

The issue is a Denial of Service (ReDoS) that causes the vLLM server to crash if an invalid regex is provided while using structured output. This is similar to a previously identified issue, but it affects regex instead of a JSON schema.

Recommendations

For versions 0.8.0 through 0.8.x, update to version 0.9.0 to resolve the issue. As a temporary workaround, consider restricting the use of structured output with regex to minimize the risk of exploitation.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2026-06584
CVE-2025-48943
GHSA-9HCF-V7M4-6M2J
PYSEC-2025-55

Affected Products

Vllm