
vLLM CVE-2025-71379

EUVD-2025-210290 | MEDIUM
Inefficient Regular Expression Complexity (ReDoS) (CWE-1333)
2026-06-20 | VulnCheck
5.3 (CVSS 4.0, Vendor: VulnCheck)

Severity by source

Vendor (VulnCheck), PRIMARY: 5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

vuln.today AI: 6.5 MEDIUM

Network-reachable authenticated API with low complexity; availability set to High because the advisory describes severe CPU exhaustion causing denial of service, not mere degradation.

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS Vector (Vendor: VulnCheck)

- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: X

Lifecycle Timeline

- Source Code Evidence Fetched: Jun 22, 2026 - 06:25 (vuln.today)
- Analysis Generated: Jun 22, 2026 - 06:25 (vuln.today)
- Patch available: Jun 20, 2026 - 20:01 (EUVD)

Description (source: CVE.org)

vLLM versions >= 0.6.3 and < 0.9.0 contain multiple regular expression denial of service (ReDoS) vulnerabilities. Several regex patterns (in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint) are susceptible to catastrophic backtracking. An attacker submitting crafted input with nested or repeated structures can trigger severe CPU consumption and performance degradation, resulting in denial of service.

Analysis (AI-generated)

Regular expression denial of service in vLLM versions 0.6.3 through 0.8.x exposes three distinct attack surfaces (the LoRA utility module, the phi4mini tool parser, and the OpenAI-compatible chat endpoint) to catastrophic regex backtracking, causing severe CPU exhaustion and service-wide denial of service. Authenticated API consumers can submit crafted inputs with deeply nested or repeated structures (e.g., ((((a|)+)+)+)) to trigger unbounded processing in Python's backtracking NFA regex engine. No public exploit had been identified at the time of analysis, though the GHSA advisory discloses the exact vulnerable patterns and example malicious inputs, which substantially lowers the reproduction barrier for anyone with API access.

Technical Context (AI-generated)

vLLM is a high-throughput LLM inference engine commonly deployed as an OpenAI-compatible API server; it is tracked under CPE cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*. All three vulnerabilities fall under CWE-1333 (Inefficient Regular Expression Complexity): r"\((.*?)\)\$?$" in vllm/lora/utils.py (line 173) processes LoRA adapter names; r'functools\[(.*?)\]' compiled with re.DOTALL in vllm/entrypoints/openai/tool_parsers/phi4mini_tool_parser.py (line 52) processes model output; and r'.*"parameters":\s*(.*)' in vllm/entrypoints/openai/serving_chat.py (line 351) processes chat message content. Python's standard re module is a backtracking NFA engine with no built-in protection against catastrophic backtracking (no step budget and no match timeout), so adversarially crafted input can drive the engine through an exponentially large state space and consume unbounded CPU on a single request.

Remediation (AI-generated)

The primary remediation is to upgrade vLLM to version 0.9.0 or later, which resolves all three ReDoS patterns; the upstream fix is tracked in PR #18454 and commit 4fc1bf813ad80172c1db31264beaef7d93fe0601 (https://github.com/vllm-project/vllm/pull/18454). If an immediate upgrade is not feasible, the GHSA advisory recommends enforcing explicit input length limits before any affected regex is evaluated: apply a hard maximum length to LoRA adapter name strings, to the model_output content reaching the phi4mini parser, and to the chat message content processed by serving_chat.py. This trades some flexibility in accepted inputs for the elimination of the exponential backtracking path. Disabling LoRA adapter support entirely (if the deployment does not use it) removes the lora/utils.py attack surface with no impact on inference capability. Restricting API access to trusted, verified consumers with network-layer controls (firewall rules, authentication middleware) reduces exposure, consistent with the PR:L exploitation prerequisite. Full vendor advisory: https://github.com/vllm-project/vllm/security/advisories/GHSA-j828-28rj-hfhp.
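The following Python is an added example, not vLLM's own code and not the upstream fix from PR #18454. It applies the advisory's interim mitigation (a hard input-length check evaluated before any of the three quoted patterns runs) to each input class the Technical Context section names. The three regexes are the ones quoted on this page; the limit values, the InputTooLong exception, the guarded_search and parse_* wrappers, and classify_request are assumptions chosen for illustration.

```python
from __future__ import annotations

import re
from typing import Optional

# The three patterns quoted in the advisory for vLLM >= 0.6.3, < 0.9.0.
LORA_MODULE_RE = re.compile(r"\((.*?)\)\$?$")                        # vllm/lora/utils.py
PHI4MINI_FUNCTOOLS_RE = re.compile(r"functools\[(.*?)\]", re.DOTALL)  # phi4mini_tool_parser.py
PARAMETERS_RE = re.compile(r'.*"parameters":\s*(.*)')                 # serving_chat.py

# Hard maximum input lengths. These values are assumptions for this example,
# not numbers from the advisory; size them to the largest legitimate input
# the deployment expects for each field.
MAX_LORA_NAME_LEN = 256
MAX_TOOL_OUTPUT_LEN = 64 * 1024
MAX_CHAT_CONTENT_LEN = 64 * 1024


class InputTooLong(ValueError):
    """Raised by the guard before the regex engine ever sees the input."""


def exceeds_limit(text: str, max_len: int) -> bool:
    """True if `text` is longer than the hard cap for its input class."""
    return len(text) > max_len


def guarded_search(pattern: re.Pattern[str], text: str, max_len: int) -> Optional[re.Match[str]]:
    """Run `pattern.search` only after the length check passes.

    This is the advisory's interim mitigation: backtracking cost grows with
    input length, so capping the length caps the CPU one request can spend
    inside the regex engine. The length check itself is O(1) in CPython.
    """
    if exceeds_limit(text, max_len):
        raise InputTooLong(f"input of {len(text)} chars exceeds limit of {max_len}")
    return pattern.search(text)


def parse_lora_module(name: str) -> Optional[str]:
    """Return the parenthesised suffix of a LoRA module name, e.g. 'layers.0(lora_A)' -> 'lora_A'."""
    m = guarded_search(LORA_MODULE_RE, name, MAX_LORA_NAME_LEN)
    return m.group(1) if m else None


def parse_phi4mini_functools(model_output: str) -> Optional[str]:
    """Return the body of a functools[...] call found in model output."""
    m = guarded_search(PHI4MINI_FUNCTOOLS_RE, model_output, MAX_TOOL_OUTPUT_LEN)
    return m.group(1) if m else None


def parse_parameters(content: str) -> Optional[str]:
    """Return whatever follows the "parameters": key in chat message content."""
    m = guarded_search(PARAMETERS_RE, content, MAX_CHAT_CONTENT_LEN)
    return m.group(1) if m else None


def classify_request(lora_name: str, model_output: str, content: str) -> dict[str, bool]:
    """Report, per input class, whether the guard would let the regex run.

    A serving layer can log the False entries as a detection signal: a client
    that repeatedly sends over-limit data to a ReDoS-prone field is worth flagging.
    """
    return {
        "lora_name": not exceeds_limit(lora_name, MAX_LORA_NAME_LEN),
        "model_output": not exceeds_limit(model_output, MAX_TOOL_OUTPUT_LEN),
        "content": not exceeds_limit(content, MAX_CHAT_CONTENT_LEN),
    }


if __name__ == "__main__":
    # Constructed sample inputs of the shape each pattern expects.
    print(parse_lora_module("model.layers.0.self_attn(lora_A)"))
    print(parse_phi4mini_functools('functools[{"name": "get_weather"}]'))
    print(parse_parameters('{"name": "get_weather", "parameters": {"city": "x"}}'))
    try:
        parse_lora_module("a" * (MAX_LORA_NAME_LEN + 1))
    except InputTooLong as exc:
        print("rejected:", exc)
```

The guard sits in front of the regex rather than replacing it, which is why it is an interim measure: the patterns themselves are unchanged, and a cap that is too generous still leaves a bounded but large amount of backtracking work per request. The rejection counts from classify_request are the signal to watch while the upgrade to 0.9.0 is scheduled.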
