CVE-2025-48956 is a high-severity Denial of Service (DoS) vulnerability affecting the vLLM inference and serving engine for large language models (LLMs), specifically versions from 0.1.0 up to but not including 0.10.1.1. The vulnerability arises from uncontrolled resource consumption (CWE-400) triggered by sending a single HTTP GET request containing an extremely large header to an HTTP endpoint exposed by the vLLM server. This malformed request causes the server to exhaust its memory resources, leading to potential crashes or unresponsiveness. The attack vector is network-based (AV:N), requires no authentication (PR:N), and no user interaction (UI:N), making it trivially exploitable by any remote attacker. The vulnerability impacts availability only, with no direct confidentiality or integrity compromise. The issue has been addressed in version 0.10.1.1 of vLLM. No known exploits are currently reported in the wild. The CVSS v3.1 base score is 7.5, reflecting the ease of exploitation and significant impact on availability. Given that vLLM is used to serve large language models, often in AI-driven applications and services, this vulnerability could disrupt critical AI inference workloads by causing denial of service, impacting service continuity and reliability.

For European organizations deploying vLLM for AI inference and serving, this vulnerability poses a significant risk to service availability. Organizations relying on vLLM for customer-facing AI applications, internal automation, or research could experience service outages or degraded performance if targeted by this DoS attack. The lack of authentication requirement means that any external attacker can attempt exploitation, increasing the attack surface. Disruptions could affect sectors such as finance, healthcare, telecommunications, and government services where AI-driven applications are increasingly integrated. Additionally, the potential for memory exhaustion could lead to cascading failures in multi-tenant or cloud environments, amplifying the impact. The unavailability of AI services could delay critical decision-making processes or customer interactions, resulting in operational and reputational damage. However, since no data confidentiality or integrity is compromised, the primary concern remains service disruption.

European organizations should immediately verify their vLLM deployment versions and upgrade to v0.10.1.1 or later to remediate this vulnerability. In environments where immediate patching is not feasible, implementing network-level protections is critical. This includes configuring web application firewalls (WAFs) or reverse proxies to limit the size of HTTP headers accepted by the vLLM endpoints, effectively blocking requests with abnormally large headers. Rate limiting and anomaly detection mechanisms should be employed to identify and block suspicious traffic patterns indicative of DoS attempts. Additionally, isolating vLLM services within segmented network zones and restricting access to trusted IP ranges can reduce exposure. Monitoring system memory usage and setting up alerts for unusual resource consumption can provide early warning signs of exploitation attempts. Finally, organizations should review incident response plans to include scenarios involving AI service unavailability.