Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/29 5:2 a.m.11 views

CVE-2025-71379

A flaw was found in vLLM. Multiple regular expression denial of service ReDoS vulnerabilities exist in versions greater than or equal to 0.6.3 and less than 0.9.0. An attacker can exploit this by submitting crafted input with nested or repeated structures to specific regex patterns within vLLM,...

7.5CVSS5.8AI score0.00321EPSS
Exploits1References5
NVD
NVD
added 2026/06/20 7:16 p.m.12 views

CVE-2025-71379

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

7.5CVSS0.00321EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 6:27 p.m.7 views

CVE-2025-71379

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

5.3CVSS5.9AI score0.00321EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/06/20 6:27 p.m.22 views

CVE-2025-71379 vllm - Regular Expression Denial of Service in Multiple Components

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

5.3CVSS0.00321EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/20 6:27 p.m.10 views

EUVD-2025-210290

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

5.3CVSS5.9AI score0.00321EPSS
Exploits1References2
CVE
CVE
added 2026/06/20 6:27 p.m.20 views

CVE-2025-71379

CVE-2025-71379 affects vLLM versions 0.6.3 through 0.8.x (before 0.9.0). The vulnerability is a set of regular expression denial of service (ReDoS) flaws in multiple components: (1) regex patterns in vllm/lora/utils.py, (2) the phi4mini tool parser, and (3) the OpenAI-compatible serving chat endp...

7.5CVSS5.9AI score0.00321EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder