CVE-2025-48942 – vLLM JSON Schema Deserialization Denial of Service

May 30, 2025

CVE ID : CVE-2025-48942

Published : May 30, 2025, 7:15 p.m. | 2 hours, 25 minutes ago

Description : vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8.0 up to but excluding 0.9.0, hitting the /v1/completions API with a invalid json_schema as a Guided Param kills the vllm server. This vulnerability is similar GHSA-9hcf-v7m4-6m2j/CVE-2025-48943, but for regex instead of a JSON schema. Version 0.9.0 fixes the issue.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48943 – Apache vLLM Regex Denial of Service Vulnerability

Next Article CVE-2025-48938 – GitHub go-gh Command Injection

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Hitachi Energy Pledges $1B to Strengthen US Grid, Build Largest Transformer Plant in Virginia

How to debug a web app with Playwright MCP and GitHub Copilot

Between Strategy and Story: Thierry Chopain’s Creative Path

What You Need to Know About CSS Color Interpolation

Why browsers throttle JavaScript timers (and what to do about it)

Why browsers throttle JavaScript timers (and what to do about it)

How to create Google Gemini AI component in Total.js Flow

Drupal 11’s AI Features: What They Actually Mean for Your Team

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

Distribution Release: Linux Mint 22.2

CVE-2025-48942 – vLLM JSON Schema Deserialization Denial of Service

GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes

VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages

How to Assign Unique IDs to Express API Requests for Tracing

CVE-2025-5126 – “FLIR AX8 Remote Command Injection Vulnerability”

CVE-2025-6585 – WordPress JobHunt Insecure Direct Object Reference

CVE-2025-53931 – WeGIA Stored Cross-Site Scripting (XSS) Vulnerability

CVE-2025-5024 – “GNOME Remote Desktop RDP Denial of Service Vulnerability”

SAP NetWeaver 0-day Vulnerability Exploited in the Wild to Deploy Webshells

CVE-2020-36849 – WordPress AIT CSV Import/Export Plugin Arbitrary File Upload Vulnerability

ChatGPT hits 700 million users as OpenAI revenue surges

CVE-2025-48942 – vLLM JSON Schema Deserialization Denial of Service

Related Posts