PT-2025-15757 · Xgrammar · Xgrammar
Russellb · Published 2025-04-09 · Updated 2025-09-17 · CVE-2025-32381
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
XGrammar versions prior to 0.1.18
Description:
XGrammar keeps an unbounded in-memory cache of compiled grammars, which can be exploited to cause a denial of service by filling up a host's memory. This can occur when a system using XGrammar receives many small requests with unique JSON schemas, for example many such requests sent to an LLM inference server.
Recommendations:
For versions prior to 0.1.18, update to version 0.1.18 to resolve the issue.
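For services that keep their own cache of compiled grammars, the weakness described above (every unique schema adds an entry that is never released) can be avoided with a byte-capped LRU cache. The following is an added example, not XGrammar's code and not the 0.1.18 fix; `compile_grammar`, `BoundedGrammarCache` and `simulate_unique_schemas` are hypothetical names, and the compile step is a stand-in.

```python
import json
from collections import OrderedDict

def compile_grammar(schema_text):
    # Hypothetical stand-in for an expensive grammar compile; the result's
    # size grows with the schema, as a compiled grammar's would.
    return ("compiled:" + schema_text).encode() * 64

class BoundedGrammarCache:
    """LRU cache of compiled grammars capped by total bytes held."""
    def __init__(self, max_bytes, compile_fn=compile_grammar):
        self.max_bytes = max_bytes
        self.compile_fn = compile_fn
        self.used_bytes = 0
        self.evictions = 0
        self._entries = OrderedDict()  # canonical schema -> compiled bytes

    def get(self, schema):
        # Canonicalise so key order and whitespace do not create new entries.
        key = json.dumps(schema, sort_keys=True, separators=(",", ":"))
        if key in self._entries:
            self._entries.move_to_end(key)  # mark as most recently used
            return self._entries[key]
        compiled = self.compile_fn(key)
        size = len(compiled) + len(key)  # charge the key as well as the value
        if size > self.max_bytes:
            return compiled  # larger than the whole budget: serve uncached
        while self.used_bytes + size > self.max_bytes:
            old_key, old = self._entries.popitem(last=False)  # evict LRU entry
            self.used_bytes -= len(old) + len(old_key)
            self.evictions += 1
        self._entries[key] = compiled
        self.used_bytes += size
        return compiled

    def __len__(self):
        return len(self._entries)

def simulate_unique_schemas(cache, n):
    # Constructed input: n small schemas, each differing in one property name.
    for i in range(n):
        cache.get({"type": "object", "properties": {f"f{i}": {"type": "string"}}})
    return cache.used_bytes
```

The eviction counter is worth exporting as a metric: a sustained high eviction rate from one client indicates a stream of unique schemas.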
Exploit
Fix
DoS
Allocation of Resources Without Limits
Affected products
Xgrammar