CVE-2025-57809

XGrammar affected by Denial of Service by infinite recursion grammars

CVSS 7.7 HIGHEPSS 0.4%CWE-674

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.7EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

25 ago 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

Productos afectados

mlc-ai · xgrammar

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5 https://github.com/mlc-ai/xgrammar/issues/250 https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc