CVE-2025-48944: 
Chainguard vulnerability analysis and mitigation

CVE-2025-48944 affects vLLM (an inference and serving engine for large language models) versions 0.8.0 up to but excluding 0.9.0. The vulnerability was discovered and disclosed on May 28, 2025, impacting the vLLM backend used with the /v1/chat/completions OpenAPI endpoint. The vulnerability stems from improper input validation in the 'pattern' and 'type' fields when the tools functionality is invoked (GitHub Advisory, NVD).

The vulnerability involves two specific fields: the 'type' field, which expects values like 'string', 'number', 'object', 'boolean', 'array', or 'null', and the 'pattern' field, which undergoes Jinja2 rendering before being passed to the native regex compiler. These inputs are not properly validated before being compiled or parsed. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (GitHub Advisory, Wiz).

When exploited, this vulnerability results in a denial of service condition where the inference worker crashes with a single request. The worker remains down until manually restarted, causing subsequent requests to receive 500 internal server errors. The vulnerability affects service availability while maintaining no impact on confidentiality or integrity (GitHub Advisory).

The vulnerability has been fixed in vLLM version 0.9.0. Users are strongly recommended to upgrade to this version to address the security issue. The fix includes proper validation of grammar and implementation of 400 error responses instead of allowing the engine to crash when validation fails (GitHub PR, GitHub Advisory).