CVE-2025-48956
- Source
- https://cve.org/CVERecord?id=CVE-2025-48956
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48956.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-48956
- Aliases
- Related
- Published
- 2025-08-21T14:41:03.889Z
- Modified
- 2026-04-10T05:28:52.803606Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- vLLM API endpoints vulnerable to Denial of Service Attacks
- Details
-
vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.10.1.1, a Denial of Service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user. This vulnerability is fixed in 0.10.1.1.
- Database specific
{ "cwe_ids": [ "CWE-400" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48956.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48956.json
- https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47
- https://nvd.nist.gov/vuln/detail/CVE-2025-48956
- https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944
- https://github.com/vllm-project/vllm/pull/23267
Affected packages
Git / github.com/vllm-project/vllm
Affected versions
v0.*
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.10.0
v0.10.0rc1
v0.10.0rc2
v0.10.1
v0.10.1rc1
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.4.0
v0.4.0.post1
v0.4.1
v0.4.2
v0.4.3
v0.5.0
v0.5.0.post1
v0.5.1
v0.5.2
v0.5.3
v0.5.3.post1
v0.5.4
v0.5.5
v0.6.0
v0.6.1
v0.6.1.post1
v0.6.1.post2
v0.6.2
v0.6.3
v0.6.3.post1
v0.6.4
v0.6.4.post1
v0.6.5
v0.6.6
v0.6.6.post1
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.8.0rc1
v0.8.0rc2
v0.8.1
v0.8.2
v0.8.3rc1
v0.8.4
v0.9.0
v0.9.1
v0.9.1rc1
v0.9.1rc2
v0.9.2rc1