PT-2025-23228 · Vllm · Vllm
Russellb · Published 2025-05-28 · Updated 2025-05-30 · CVE-2025-48944
CVSS v2.0: 6.8 Medium · Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions vLLM versions 0.8.0 up to, but not including, 0.9.0 (fixed in 0.9.0).
Description The vLLM backend behind the "/v1/chat/completions" API endpoint does not validate the pattern and type fields of a tool's parameter schema when the tools functionality is invoked. These values are passed straight to the schema compiler and regex parser, so a single malformed request crashes the inference worker, and the worker stays down until it is restarted. The type field is expected to be one of "string", "number", "object", "boolean", "array" or "null"; any other value crashes the worker. The pattern field is rendered and then handed, without validation or escaping, to the native regex compiler, so a malformed expression reaches the underlying C++ regex engine and triggers a fatal error. The vector (Au:S) reflects that the attacker needs ordinary access to the API; the impact is availability only (C:N/I:N/A:C).
Recommendations Update to vLLM 0.9.0 or later. Until you can update: restrict access to the /v1/chat/completions endpoint to trusted clients, disable the tools functionality, or reject requests whose tool parameter schemas use the pattern or type fields before they reach the worker. Because one request takes the worker down until it is restarted, also make sure the worker runs under a supervisor that restarts it, so a single crafted request does not turn into a lasting outage.
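As an added example (not vLLM's own code and not the 0.9.0 fix), the following Python check implements the two interim workarounds above at a gateway in front of an unpatched 0.8.x worker: it can refuse every request that carries tools, or, when tools are allowed, walk each tool's parameter schema and reject unsupported type values and regex patterns that do not compile. The function names, the set of JSON Schema keywords walked, the pattern length cap and the sample requests are all assumptions constructed for this example. Compiling with Python's re module is only a coarse filter: it catches syntax errors, but the worker's C++ regex engine speaks a different dialect, so a pattern that passes here is not guaranteed safe, and the real fix is the update.

```python
import copy
import re
from typing import Any, Optional

# JSON Schema 'type' values the advisory says the worker accepts for tool parameters.
ALLOWED_TYPES = {"string", "number", "object", "boolean", "array", "null"}
MAX_PATTERN_LEN = 256  # assumption: cap so a huge pattern cannot tie up the compiler


def _check_pattern(pat: Any, path: str, problems: list) -> None:
    """Reject non-string, oversized or non-compiling regexes. Python's re is only a
    coarse proxy for the worker's C++ engine: it catches syntax errors, not dialect quirks."""
    if not isinstance(pat, str):
        problems.append(f"{path}: pattern must be a string")
    elif len(pat) > MAX_PATTERN_LEN:
        problems.append(f"{path}: pattern longer than {MAX_PATTERN_LEN} chars")
    else:
        try:
            re.compile(pat)
        except re.error as exc:
            problems.append(f"{path}: pattern does not compile ({exc})")


def _check_schema(node: Any, path: str, problems: list) -> None:
    """Walk a JSON Schema fragment and record unsafe 'type' and 'pattern' values.
    Only schema positions are inspected, so a property that happens to be named
    'type' is not mistaken for the keyword."""
    if not isinstance(node, dict):
        return
    if "type" in node:
        declared = node["type"]
        for t in (declared if isinstance(declared, list) else [declared]):
            if t not in ALLOWED_TYPES:
                problems.append(f"{path}.type: unsupported value {t!r}")
    if "pattern" in node:
        _check_pattern(node["pattern"], f"{path}.pattern", problems)
    # Sub-schemas keyed by name; patternProperties keys are regexes too.
    for key in ("properties", "patternProperties", "$defs", "definitions"):
        subs = node.get(key)
        if isinstance(subs, dict):
            for name, sub in subs.items():
                if key == "patternProperties":
                    _check_pattern(name, f"{path}.{key}[{name!r}]", problems)
                _check_schema(sub, f"{path}.{key}.{name}", problems)
    for key in ("items", "additionalProperties", "not"):
        _check_schema(node.get(key), f"{path}.{key}", problems)
    for key in ("anyOf", "oneOf", "allOf", "prefixItems"):
        subs = node.get(key)
        if isinstance(subs, list):
            for i, sub in enumerate(subs):
                _check_schema(sub, f"{path}.{key}[{i}]", problems)


def check_chat_request(body: dict, allow_tools: bool = True) -> Optional[str]:
    """Return None if the request may be forwarded to the worker, else a rejection reason."""
    tools = body.get("tools")
    if not tools:
        return None
    if not allow_tools:
        return "tools are disabled on this gateway"  # the 'disable tools' workaround
    problems: list = []
    for i, tool in enumerate(tools):
        fn = tool.get("function") if isinstance(tool, dict) else None
        params = fn.get("parameters") if isinstance(fn, dict) else None
        if params is not None:
            _check_schema(params, f"tools[{i}].function.parameters", problems)
    return "; ".join(problems) if problems else None


# Constructed sample requests (not taken from the advisory).
GOOD_REQUEST = {
    "model": "example-model",
    "messages": [{"role": "user", "content": "Weather in Paris?"}],
    "tools": [{"type": "function", "function": {
        "name": "get_weather",
        "parameters": {
            "type": "object",
            "properties": {"city": {"type": "string", "pattern": "^[A-Za-z ]+$"}},
            "required": ["city"],
        },
    }}],
}
BAD_TYPE_REQUEST = copy.deepcopy(GOOD_REQUEST)
BAD_TYPE_REQUEST["tools"][0]["function"]["parameters"]["properties"]["city"]["type"] = "str"
BAD_PATTERN_REQUEST = copy.deepcopy(GOOD_REQUEST)
BAD_PATTERN_REQUEST["tools"][0]["function"]["parameters"]["properties"]["city"]["pattern"] = "([a-z"

if __name__ == "__main__":
    for name, req in [("good", GOOD_REQUEST), ("bad type", BAD_TYPE_REQUEST),
                      ("bad pattern", BAD_PATTERN_REQUEST)]:
        print(f"{name}: {check_chat_request(req) or 'forward'}")
    print("tools disabled:", check_chat_request(GOOD_REQUEST, allow_tools=False))
```

Deploy it in whatever sits in front of vLLM (a reverse proxy or an API gateway) so that a rejected request gets a 400 and never reaches the inference worker; the returned string doubles as a log line that tells you which client sent the bad schema.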

Impact: DoS (availability only, per the vector C:N/I:N/A:C; the advisory describes no code execution or data disclosure).

Related Identifiers

BDU:2026-06583
CVE-2025-48944
GHSA-VRQ3-R879-7M65

Affected Products

Vllm