XGrammar affected by Denial of Service by infinite recursion grammars

7.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

Description

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21.

Basic Information

ID CVE-2025-57809

Source GitHub_M

Published Aug 25, 2025 at 21:22

Affected Product

Vendor mlc-ai

Product xgrammar

Version < 0.1.21

Affected Versions mlc-ai xgrammar < 0.1.21

CWE Classification

CWE-674

References

{
    "lastseen": "",
    "description": "XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21.",
    "published": "2025-08-25T21:22:00.226Z",
    "modified": "2025-08-25T21:22:00.226Z",
    "type": "cve",
    "title": "XGrammar affected by Denial of Service by infinite recursion grammars",
    "source": "GitHub_M",
    "references": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc\nhttps://github.com/mlc-ai/xgrammar/issues/250\nhttps://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5",
    "id": "CVE-2025-57809",
    "bulletinFamily": "",
    "cwe": [
        "CWE-674"
    ],
    "cvelist": null,
    "sourceData": "mlc-ai xgrammar < 0.1.21",
    "sourceHref": "",
    "cvss": {
        "score": 7.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "xgrammar",
    "version": "< 0.1.21",
    "vendor": "mlc-ai",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

XGrammar affected by Denial of Service by infinite recursion grammars_CVE-2025-57809