← voltar
CVE-2025-57809

XGrammar affected by Denial of Service by infinite recursion grammars

CVSS 7.7 HIGHEPSS 0.4%CWE-674
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.7EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
25 ago 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
Produtos afetados
mlc-ai · xgrammar

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5https://github.com/mlc-ai/xgrammar/issues/250https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc