2 matches found
CVE-2025-48956
A flaw was found in vLLM. A denial of service DoS vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does n...
CVE-2025-48956 vLLM API endpoints vulnerable to Denial of Service Attacks
vLLM is an inference and serving engine for large language models LLMs. From 0.1.0 to before 0.10.1.1, a Denial of Service DoS vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP endpoint. This results in server memory exhaustion,...