CVE-2025-29770

MEDIUM EPSS 33.8%
Published Mar 19, 20251y ago · Modified Jun 17, 20262w ago
6.5 CVSS 3.1
Medium
Find Similar
Published Mar 19, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the backends used by vLLM to support structured output (a.k.a. guided decoding). Outlines provides an optional cache for its compiled grammars on the local filesystem. This cache has been on by default in vLLM. Outlines is also available by default through the OpenAI compatible API server. The affected code in vLLM is vllm/model_executor/guided_decoding/outlines_logits_processors.py, which unconditionally uses the cache from outlines. A malicious user can send a stream of very short decoding requests with unique schemas, resulting in an addition to the cache for each request. This can result in a Denial of Service if the filesystem runs out of space. Note that even if vLLM was configured to use a different backend by default, it is still possible to choose outlines on a per-request basis using the guided_decoding_backend key of the extra_body field of the request. This issue applies only to the V0 engine and is fixed in 0.8.0.

CVSS Details

Base Score
6.5
Exploitability
2.8
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
33.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-770

Affected Products 1

VendorProductVersionRange
vllmvllm* <0.8.0

References 3

  • github.com https://github.com/vllm-project/vllm/blob/53be4a863486d02bd96a59c674bbec23eec508f6/vllm/model_executor/guided_decoding/outlines_logits_processors.py
    Product
  • github.com https://github.com/vllm-project/vllm/pull/14837
    Issue TrackingPatch
  • github.com https://github.com/vllm-project/vllm/security/advisories/GHSA-mgrm-fgjv-mhv8
    PatchVendor Advisory

Remediation

  • github.com https://github.com/vllm-project/vllm/pull/14837
    Issue TrackingPatch
  • github.com https://github.com/vllm-project/vllm/security/advisories/GHSA-mgrm-fgjv-mhv8
    PatchVendor Advisory