PT-2025-36398 · Xgrammar · Xgrammar
Xendo · Published 2025-09-05 · Updated 2025-09-06 · CVE-2025-58446
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
xgrammar version 0.1.23
Description
xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in version 0.1.23 processes large grammars at a very low rate, which can be exploited to cause a denial of service (DoS) against model providers.
Recommendations
Update to version 0.1.24.
Exploit
Fix
DoS
Allocation of Resources Without Limits
Weakness Enumeration
Related Identifiers
Affected Products
Xgrammar