{"data":{"id":"e62f882e-c307-4866-8c60-e996e97032fe","title":"CVE-2025-71379: vLLM versions >= 0.6.3 and < 0.9.0 contain multiple regular expression denial of service (ReDoS) vulnerabilities. Severa","summary":"vLLM versions from 0.6.3 up to, but not including, 0.9.0 contain ReDoS (regular expression denial of service, where specially crafted text causes regex patterns to consume excessive CPU time) vulnerabilities in several components, including the LoRA utility parser, phi4mini tool parser, and OpenAI chat endpoint. An attacker can send malicious input with nested or repeated structures to trigger severe CPU consumption and make the service unavailable.","solution":"N/A -- no mitigation discussed in source. The stated affected range ends below 0.9.0, so versions 0.9.0 and later fall outside it.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-71379","publishedAt":"2026-06-20T19:16:23.410Z","cveId":"CVE-2025-71379","cweIds":["CWE-1333"],"cvssScore":"4.3","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["vLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-20T19:16:23.410Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}