CVE-2025-57809

Exploit

EPSS 0.44%
Veröffentlicht 25.08.2025 21:22:00
Zuletzt bearbeitet 09.09.2025 18:57:43
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

XGrammar affected by Denial of Service by infinite recursion grammars

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mlc-ai ≫ Xgrammar Version < 0.1.21

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.44%	0.347

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	7.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-674 Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc

Vendor Advisory

https://github.com/mlc-ai/xgrammar/issues/250

Exploit

Issue Tracking

https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-57809

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-57809

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-57809

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-57809