CVE-2025-32381

Published: Apr 9, 2025

Modified: Apr 9, 2025

PUBLISHED

CVSS v3.1

6.5

MEDIUM

Description

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to 0.1.18, Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system making use of xgrammar can be abused to fill up a host's memory and case a denial of service. For example, sending many small requests to an LLM inference server with unique JSON schemas would eventually cause this denial of service to occur. This vulnerability is fixed in 0.1.18.

Vendor	Product	Versions
mlc-ai	xgrammar	affected `< 0.1.18`

Weaknesses (CWE)

CWE-770

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-389x-67px-mjg3

x_refsource_CONFIRM

https://github.com/mlc-ai/xgrammar/pull/243

x_refsource_MISC

https://github.com/vllm-project/vllm/pull/16283

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-32381

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References