CVE-2025-48943: CWE-248: Uncaught Exception in vllm-project vllm
vLLM is an inference and serving engine for large language models (LLMs). Versions 0.8.0 up to but excluding 0.9.0 have a Denial of Service (ReDoS) that causes the vLLM server to crash if an invalid regex is provided while using structured output. This vulnerability is similar to GHSA-6qc9-v4r8-22xg/CVE-2025-48942, but for a regex instead of a JSON schema. Version 0.9.0 fixes the issue.
AI Analysis
Technical Summary
CVE-2025-48943 is a medium-severity vulnerability affecting the vLLM project, specifically versions from 0.8.0 up to but excluding 0.9.0. vLLM is an inference and serving engine for large language models (LLMs), which are increasingly used in AI-driven applications. The vulnerability is an uncaught exception: when an invalid regular expression is supplied while the structured output feature is in use, the resulting error is not handled and the vLLM server crashes, producing a denial of service (the advisory classifies it as a Regular Expression Denial of Service, ReDoS). It is tracked under CWE-248 (Uncaught Exception), meaning the software does not properly handle exceptions raised by malformed input. It is similar in nature to a previously reported vulnerability (CVE-2025-48942), which involved JSON schema validation, whereas this one concerns regex processing. The vulnerability requires network access (AV:N) and low privileges (PR:L), has low attack complexity (AC:L), and needs no user interaction (UI:N). The impact is limited to availability (A:H), with no confidentiality or integrity loss. The issue is fixed in vLLM version 0.9.0. No exploits are currently known in the wild. An attacker with limited privileges could exploit it remotely by sending crafted regex input to the server, causing it to crash and disrupting service availability.
Potential Impact
For European organizations running vLLM versions 0.8.0 to 0.8.x in production or research environments, this vulnerability poses a risk of service disruption: server crashes triggered by maliciously crafted regex inputs. This can lead to denial of service conditions affecting AI-driven applications, potentially impacting business continuity, especially in sectors relying on real-time or large-scale AI inference such as finance, healthcare, and telecommunications. The disruption could degrade user experience, delay critical decision-making processes, and cause operational downtime. Since the vulnerability does not affect confidentiality or integrity, data breaches are unlikely; however, availability impacts can still have significant operational and reputational consequences. The requirement for some level of privilege to exploit may limit exposure but does not eliminate risk, especially in multi-tenant or shared environments where attackers might hold limited access. The absence of known exploits leaves a window for proactive mitigation before active exploitation occurs.
Mitigation Recommendations
European organizations should prioritize upgrading vLLM to version 0.9.0 or later, where the vulnerability is patched. Until an upgrade is possible, organizations should implement input validation controls that detect and reject malformed or suspicious regex patterns before they reach the vLLM server. Network segmentation and strict access controls should be enforced to limit who can send structured output requests to the vLLM service, reducing the risk of unauthorized or malicious inputs. Monitoring and alerting on server crashes or unusual regex processing errors can help detect attempted exploitation. Additionally, employing Web Application Firewalls (WAFs) or API gateways with regex pattern filtering capabilities can provide an additional layer of defense. Regular security assessments and code reviews focusing on exception handling and input validation in AI inference services are recommended to prevent similar issues. Finally, organizations should maintain an incident response plan tailored to availability-impacting attacks on AI infrastructure.
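As an added illustration of the interim control described above (example code, not part of the advisory or of vLLM itself), the following gateway-side check compiles the structured-output regex inside a try/except and rejects a malformed pattern with a 400 response instead of forwarding it. It assumes the regex arrives in a request field named `guided_regex`, which is the name assumed here, and the length limit is a policy value chosen for the example.

```python
import re
from typing import Any

# Assumed name of the request field carrying the structured-output regex.
REGEX_FIELDS = ("guided_regex",)
MAX_REGEX_LEN = 512  # policy limit chosen for this example, not a vLLM setting


def validate_structured_output_regex(request: dict[str, Any]) -> tuple[bool, str]:
    """Return (ok, reason) for a request before it is forwarded to vLLM.

    A malformed pattern is rejected here with a reason; in vulnerable 0.8.x
    servers the same compile error would otherwise surface as an uncaught
    exception (CWE-248) and crash the server.
    """
    for field in REGEX_FIELDS:
        pattern = request.get(field)
        if pattern is None:
            continue
        if not isinstance(pattern, str):
            return False, f"{field} must be a string"
        if len(pattern) > MAX_REGEX_LEN:
            return False, f"{field} exceeds {MAX_REGEX_LEN} characters"
        try:
            # Compiling is the operation that raises on a malformed pattern;
            # catching re.error turns a crash into a client error.
            re.compile(pattern)
        except re.error as exc:
            return False, f"{field} is not a valid regular expression: {exc}"
    return True, "ok"


def gateway_response(request: dict[str, Any]) -> tuple[int, dict[str, Any]]:
    """Simulated gateway: 400 on rejection, 200 when the request may be forwarded."""
    ok, reason = validate_structured_output_regex(request)
    if not ok:
        return 400, {"error": reason}
    return 200, {"forwarded": True}


if __name__ == "__main__":
    # Constructed sample requests: one well-formed, one with an unclosed group.
    for req in ({"guided_regex": r"\d{3}-\d{4}"}, {"guided_regex": "(unclosed"}):
        print(gateway_response(req))
```

Python's `re` dialect differs from the grammar backend vLLM uses for guided decoding, so this filter only screens out clearly malformed patterns; it reduces exposure but does not replace the server-side fix in 0.9.0.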
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-05-28T18:49:07.582Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6839fc40182aa0cae2bc1f26
Added to database: 5/30/2025, 6:43:12 PM
Last enriched: 7/8/2025, 2:25:42 PM
Last updated: 8/10/2025, 12:24:22 AM