CVE-2025-48942 is a medium severity vulnerability affecting the vLLM inference and serving engine for large language models (LLMs), specifically versions 0.8.0 up to but excluding 0.9.0. The vulnerability arises when the /v1/completions API endpoint receives an invalid JSON schema as a Guided Param. This malformed input triggers an uncaught exception, causing the vLLM server to crash and become unavailable. The issue is classified under CWE-248, which relates to uncaught exceptions leading to application crashes or denial of service. This vulnerability is similar to CVE-2025-48943, which involves a regex-based input causing a similar crash, but CVE-48942 specifically involves JSON schema inputs. The vulnerability does not impact confidentiality or integrity but results in a denial of service (availability impact). The CVSS 3.1 base score is 6.5, reflecting a network attack vector with low attack complexity, requiring low privileges but no user interaction. The scope is unchanged, meaning the vulnerability affects only the vulnerable component without impacting other components. No known exploits are currently reported in the wild. The issue is fixed in version 0.9.0 of vLLM. Since vLLM is a specialized engine used for serving large language models, this vulnerability could disrupt AI services relying on this software if exploited by sending crafted API requests with invalid JSON schemas, leading to service outages.

For European organizations deploying vLLM versions 0.8.0 to before 0.9.0, this vulnerability poses a risk primarily to service availability. Organizations using vLLM to serve AI or language model inference could experience denial of service if attackers send malformed requests to the /v1/completions API, causing server crashes. This could disrupt AI-driven applications, customer-facing chatbots, or internal automation relying on LLM inference, potentially impacting business operations and user experience. Given the growing adoption of AI technologies in sectors such as finance, healthcare, and public services across Europe, service interruptions could have operational and reputational consequences. However, since the vulnerability does not allow data breach or code execution, the confidentiality and integrity of data remain unaffected. The requirement for low privileges but no user interaction means internal threat actors or attackers with some access to the API endpoint could exploit this. The absence of known exploits in the wild reduces immediate risk but patching is recommended to prevent future exploitation.

European organizations should upgrade vLLM to version 0.9.0 or later, where this vulnerability is fixed. Until upgrading is possible, organizations can implement strict input validation and filtering at the API gateway or web application firewall (WAF) level to detect and block malformed JSON schema inputs targeting the /v1/completions endpoint. Rate limiting and anomaly detection on API requests can help identify and mitigate potential exploitation attempts. Monitoring server logs for repeated crashes or malformed requests can provide early warning signs. Restricting access to the API endpoint to trusted networks or authenticated users can reduce exposure. Additionally, organizations should conduct regular vulnerability scans and penetration tests focusing on AI inference services to detect similar issues proactively. Maintaining an incident response plan for service outages related to AI inference engines is also advisable.