{"data":{"id":"560b8a18-71a4-4f16-a16c-51a66d6dbbc2","title":"CVE-2025-48944: vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, th","summary":"vLLM (a system for running and serving large language models) versions 0.8.0 through 0.9.0 have a vulnerability where the /v1/chat/completions API endpoint doesn't properly check user input in the 'pattern' and 'type' fields when the tools feature is used, allowing a single malformed request to crash the inference worker (the part that actually runs the model) until someone restarts it.","solution":"Update to version 0.9.0 or later, which fixes the issue.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-48944","publishedAt":"2025-05-30T23:15:30.433Z","cveId":"CVE-2025-48944","cweIds":["CWE-20"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["vLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00136,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}