CVE-2025-29770: Allocation of Resources Without Limits or Throttling in vLLM

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.3% (top 45.28%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 19

Description

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the backends used by vLLM to support structured output (a.k.a. guided decoding). Outlines provides an optional cache for its compiled grammars on the local filesystem. This cache has been on by default in vLLM. Outlines is also available by default through the OpenAI-compatible API server. The affected code in vLLM is vllm/model_executor/guided_decoding/outlines_logits_processors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: vllm/vllm < 0.8.0
PyPI: vllm/vllm < 0.8.0
CVEListV5: vllm-project/vllm < 0.8.0

Patches

🔴 Vulnerability Details (2)

OSV: vLLM denial of service via outlines unbounded cache on disk (2025-03-19)
GHSA: vLLM denial of service via outlines unbounded cache on disk (2025-03-19)

📋 Vendor Advisories (1)

Red Hat: vllm: vLLM denial of service via outlines unbounded cache on disk (2025-03-19)