CVE-2025-29770

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Mar 19, 2025
CWE ID 770

Summary

CVE-2025-29770 is a Denial of Service vulnerability affecting vLLM, an inference and serving engine for Language Models. The issue lies in the Outlines library, a backend that vLLM uses for structured output, which offers a local filesystem cache for compiled grammars. This cache is enabled by default in vLLM and is also available through the OpenAI-compatible API server. An attacker can send a continuous stream of short decoding requests with unique schemas; each request adds an entry to the cache, which can exhaust the filesystem's space and lead to a Denial of Service. The vulnerability applies exclusively to the V0 engine and was resolved in version 0.8.0.
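The request pattern described above (many never-before-seen schemas from one client in a short time) can be detected in front of the API server. The following sketch is an added example, not code from vLLM or Outlines; the request tuple layout, client identifiers, window and threshold are assumptions, and the sample requests are constructed.

```python
import hashlib
import json
from collections import defaultdict, deque


def schema_key(schema):
    """Stable digest of a JSON schema: key order and whitespace do not matter."""
    canonical = json.dumps(schema, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def flag_schema_churn(requests, window=60.0, max_new_schemas=20):
    """Return clients that introduced more than max_new_schemas previously
    unseen schemas within `window` seconds. Each unseen schema stands for one
    new grammar-cache entry. requests: iterable of (timestamp, client, schema)."""
    seen = set()                  # schema digests already requested by anyone
    recent = defaultdict(deque)   # client -> timestamps of its unseen schemas
    flagged = set()
    for ts, client, schema in sorted(requests, key=lambda r: r[0]):
        key = schema_key(schema)
        if key in seen:
            continue              # repeat schema: no new cache entry
        seen.add(key)
        q = recent[client]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop events that fell out of the window
        if len(q) > max_new_schemas:
            flagged.add(client)
    return flagged


def sample_requests():
    """Constructed traffic: one client reusing 3 schemas, one sending a new
    schema on every request."""
    reqs = []
    fixed = [{"type": "object", "properties": {f"field{i}": {"type": "string"}}}
             for i in range(3)]
    for t in range(120):
        reqs.append((float(t), "app-1", fixed[t % 3]))
    for n in range(100):
        schema = {"type": "object", "properties": {f"k{n}": {"type": "integer"}}}
        reqs.append((n * 0.5, "client-x", schema))
    return reqs


if __name__ == "__main__":
    print(sorted(flag_schema_churn(sample_requests())))
```

The same counter can drive per-client rate limiting of new schemas; it complements, and does not replace, upgrading to the fixed version.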
