Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-71379

CVE-2025-71379: vLLM ReDoS Denial of Service Vulnerability

CVE-2025-71379 is a regular expression denial of service (ReDoS) vulnerability in vLLM versions 0.6.3 to 0.9.0 that enables attackers to cause severe CPU exhaustion. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2025-71379 Overview

CVE-2025-71379 affects vLLM, an open-source high-throughput inference and serving engine for large language models (LLMs). Versions >= 0.6.3 and < 0.9.0 contain multiple regular expression denial of service (ReDoS) vulnerabilities. Vulnerable regex patterns reside in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint. Attackers can submit crafted input containing nested or repeated structures to trigger catastrophic backtracking. The resulting CPU consumption degrades performance and can render the inference service unavailable. The weakness is tracked as CWE-1333 (Inefficient Regular Expression Complexity).

Critical Impact

Authenticated network attackers can exhaust CPU resources on vLLM inference servers, producing denial of service against LLM workloads.

Affected Products

  • vLLM versions >= 0.6.3 and < 0.9.0
  • Deployments exposing the OpenAI-compatible serving chat endpoint
  • Deployments using the phi4mini tool parser or LoRA utilities in vllm/lora/utils.py

Discovery Timeline

  • 2026-06-20 - CVE-2025-71379 published to NVD
  • 2026-06-22 - Last updated in NVD database

Technical Details for CVE-2025-71379

Vulnerability Analysis

The vulnerability is an algorithmic complexity flaw in multiple regex patterns within vLLM. ReDoS occurs when a regular expression engine evaluates input that triggers exponential or super-linear backtracking. The affected regex patterns include those in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint. Each pattern accepts attacker-influenced input and uses constructs vulnerable to catastrophic backtracking. The EPSS probability for this issue is 0.225% with a percentile of 13.061, indicating a low predicted exploitation likelihood at this time.

Root Cause

The root cause is the use of regular expressions with nested quantifiers or overlapping alternations on input that the server does not pre-validate for length or structure. When inputs include nested or repeated structures, the regex engine explores an exponential number of match paths before failing. This consumes CPU on the worker thread that processes the request.

Attack Vector

An authenticated attacker sends crafted strings to vLLM endpoints that invoke the vulnerable regex patterns. Suitable entry points include chat completion requests parsed by the OpenAI-compatible endpoint, tool-call payloads handled by the phi4mini parser, and LoRA adapter inputs processed by vllm/lora/utils.py. Each crafted request ties up a worker for an extended period, and a small number of concurrent requests can stall the service. No memory corruption or data exposure occurs; the impact is limited to availability.

No verified public proof-of-concept code is available. Refer to the GitHub Security Advisory GHSA-j828-28rj-hfhp and the VulnCheck Advisory for technical specifics.

Detection Methods for CVE-2025-71379

Indicators of Compromise

  • Sustained high CPU utilization on vLLM worker processes without a corresponding increase in token throughput.
  • Request latency spikes or timeouts on the OpenAI-compatible chat endpoint while request volume remains low.
  • HTTP request bodies containing unusually long strings with repeated or nested delimiter characters targeting tool-call or LoRA parameters.

Detection Strategies

  • Instrument the vLLM service to log per-request processing time and flag requests exceeding a defined threshold.
  • Inspect inbound payloads for excessive nesting, repetition, or oversized fields routed to tool parsers and LoRA utilities.
  • Correlate worker CPU saturation with specific client identities or API keys to identify abusive sources.

Monitoring Recommendations

  • Monitor process-level CPU and request latency metrics for each vLLM replica and alert on sustained anomalies.
  • Track request rates per authenticated principal against the OpenAI-compatible endpoint and tool-call parsers.
  • Capture and retain HTTP request bodies for forensic review when DoS conditions are observed.

How to Mitigate CVE-2025-71379

Immediate Actions Required

  • Upgrade vLLM to version 0.9.0 or later, which removes the vulnerable regex patterns.
  • Enforce strict request size and field length limits at the reverse proxy or API gateway in front of vLLM.
  • Apply per-client rate limiting and concurrency caps to contain CPU exhaustion from individual sources.

Patch Information

The vLLM project addressed the ReDoS patterns in releases at or after 0.9.0. Review the GitHub Security Advisory GHSA-j828-28rj-hfhp for the fixed commits and upgrade guidance. Operators running affected versions should plan an upgrade rather than rely on configuration-only workarounds.

Workarounds

  • Restrict access to the OpenAI-compatible serving endpoint to trusted, authenticated clients on isolated networks.
  • Disable the phi4mini tool parser and LoRA adapter loading paths if they are not required by the workload.
  • Place a request-validation layer in front of vLLM that rejects payloads with excessive nesting, repetition, or length before they reach the regex parsers.
bash
# Configuration example: upgrade vLLM and enforce request size limits
pip install --upgrade 'vllm>=0.9.0'

# Example nginx limits in front of vLLM
# client_max_body_size 64k;
# limit_req zone=vllm burst=10 nodelay;

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.