{
  "threat_severity" : "Important",
  "public_date" : "2025-08-25T21:22:00Z",
  "bugzilla" : {
    "description" : "xgrammar: XGrammar affected by Denial of Service by infinite recursion grammars",
    "id" : "2390943",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2390943"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-674",
  "details" : [ "XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar can enter infinite recursion while processing a recursive grammar. This issue has been resolved in version 0.1.21.", "A flaw was found in xgrammar. Recursive grammar definitions could trigger infinite recursion during parsing in GrammarMatcherBase::ExpandEquivalentStackElements, leading to unbounded stack growth and a segmentation fault. This vulnerability allows remote attackers to cause a denial of service (DoS) when an untrusted grammar is processed." ],
  "statement" : "This vulnerability is considered Important because it can be exploited remotely, without authentication or user interaction, and directly impacts the availability of systems that rely on xgrammar for structured output parsing. Unlike a Moderate flaw that might require unusual conditions or only cause partial degradation, the infinite recursion issue reliably leads to process termination or complete resource exhaustion when a malicious grammar is supplied. Since xgrammar is often integrated into long-running LLM inference services or API backends, a single crafted grammar can consistently force these services into a denial-of-service state, making it a practical, high-impact attack vector. While it does not compromise confidentiality or integrity, the ease of exploitation, network accessibility, and total loss of availability elevate it from a moderate to an important security issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux AI 1.5",
    "release_date" : "2025-11-03T00:00:00Z",
    "advisory" : "RHSA-2025:19421",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1.5::el9",
    "package" : "rhelai1/instructlab-intel-rhel9:sha256:cf0ec4ad1520ff2ce83420846830286e036f310f880cf8a533f0966c35ebd32f"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI 1.5",
    "release_date" : "2025-11-03T00:00:00Z",
    "advisory" : "RHSA-2025:19422",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1.5::el9",
    "package" : "rhelai1/bootc-intel-rhel9:sha256:601064840ac29ea7d4a977efb506df226a2931d5079ec9f432bdf60095bf7c2e"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI 1.5",
    "release_date" : "2025-11-03T00:00:00Z",
    "advisory" : "RHSA-2025:19423",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1.5::el9",
    "package" : "rhelai1/instructlab-nvidia-rhel9:sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI 1.5",
    "release_date" : "2025-11-03T00:00:00Z",
    "advisory" : "RHSA-2025:19424",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1.5::el9",
    "package" : "rhelai1/bootc-azure-amd-rhel9:sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI 1.5",
    "release_date" : "2025-11-03T00:00:00Z",
    "advisory" : "RHSA-2025:19425",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1.5::el9",
    "package" : "rhelai1/instructlab-amd-rhel9:sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI 1.5",
    "release_date" : "2025-11-03T00:00:00Z",
    "advisory" : "RHSA-2025:19426",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1.5::el9",
    "package" : "rhelai1/bootc-gcp-nvidia-rhel9:sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI 1.5",
    "release_date" : "2025-11-03T00:00:00Z",
    "advisory" : "RHSA-2025:19427",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1.5::el9",
    "package" : "rhelai1/bootc-amd-rhel9:sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI 1.5",
    "release_date" : "2025-11-03T00:00:00Z",
    "advisory" : "RHSA-2025:19428",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1.5::el9",
    "package" : "rhelai1/bootc-nvidia-rhel9:sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI 1.5",
    "release_date" : "2025-11-03T00:00:00Z",
    "advisory" : "RHSA-2025:19429",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1.5::el9",
    "package" : "rhelai1/bootc-aws-nvidia-rhel9:sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI 1.5",
    "release_date" : "2025-11-03T00:00:00Z",
    "advisory" : "RHSA-2025:19430",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1.5::el9",
    "package" : "rhelai1/bootc-azure-nvidia-rhel9:sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat AI Inference Server",
    "fix_state" : "Affected",
    "package_name" : "rhaiis/vllm-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3"
  }, {
    "product_name" : "Red Hat AI Inference Server",
    "fix_state" : "Affected",
    "package_name" : "rhaiis/vllm-rocm-rhel9",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-57809\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-57809\nhttps://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5\nhttps://github.com/mlc-ai/xgrammar/issues/250\nhttps://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc" ],
  "name" : "CVE-2025-57809",
  "mitigation" : {
    "value" : "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}