
Denial of Service by infinite recursion grammars

High
Ubospica published GHSA-5cmr-4px5-23pc Aug 25, 2025

Package

No package listed

Affected versions

0.1.20

Patched versions

0.1.21

Description

Summary

This issue, http://github.com/mlc-ai/xgrammar/issues/250, should have its own security advisory. Since several tools accept and pass user-supplied grammars to xgrammar, and it is so easy to trigger, it seems like a High.

Severity

High

CVE ID

CVE-2025-57809

Weaknesses

No CWEs

Credits