{"data":{"id":"200aba0e-1ff4-4a78-9323-9464867c58ef","title":"CVE-2025-48942: vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8.0 up to but excluding 0.9.0, h","summary":"vLLM (an inference and serving engine for large language models) versions 0.8.0 through 0.8.x have a vulnerability where sending an invalid JSON schema as a parameter to the /v1/completions API endpoint causes the server to crash. This happens because the application doesn't properly handle (catch) exceptions that occur when processing malformed input.","solution":"Update to vLLM version 0.9.0 or later, which fixes the issue.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-48942","publishedAt":"2025-05-30T23:15:30.130Z","cveId":"CVE-2025-48942","cweIds":["CWE-248"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["vLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00068,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}