{"data":{"id":"5c9feea8-f462-44f7-8850-cce545016f58","title":"CVE-2025-29770: vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the...","summary":"vLLM, a system for running large language models efficiently, uses the outlines library to support structured output (constraints on the format the model's answer must follow). The outlines library keeps a cache of compiled grammar rules on the local disk, and this cache is turned on by default. Because each distinct output format adds a new entry to the cache, a malicious user can send many requests with different output formats, filling up the cache until the system runs out of disk space and becomes unavailable to others (a denial-of-service attack). This problem affects only vLLM's V0 engine.","solution":"Upgrade to vLLM version 0.8.0 or later, where this issue is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-29770","publishedAt":"2025-03-19T20:15:31.977Z","cveId":"CVE-2025-29770","cweIds":["CWE-770"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["vLLM","Outlines"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00316,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-130"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}