{"data":{"id":"242ae08a-d118-40fb-ab9b-b76547ad7f51","title":"CVE-2025-48887: vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability","summary":"vLLM, a software system that runs and serves large language models, has a vulnerability in how it parses tool commands that can be exploited to crash or slow down the service. The parser uses an overly complex pattern-matching rule (a regular expression with nested quantifiers, optional groups, and inner repetitions) that can backtrack excessively on certain inputs, so the system gets stuck processing them and suffers severe performance problems.","solution":"Update to version 0.9.0 or later, which contains a patch for the issue.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-48887","publishedAt":"2025-05-30T22:15:32.500Z","cveId":"CVE-2025-48887","cweIds":["CWE-1333"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["vLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00121,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}