CVE-2025-57809

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21.

CVSS

No CVSS.

References

Link	Resource
https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5
https://github.com/mlc-ai/xgrammar/issues/250
https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc

Configurations

No configuration.

History

26 Aug 2025, 13:41

Type	Values Removed	Values Added
Summary		(es) XGrammar es una librería de código abierto para la generación de estructuras eficiente, flexible y portátil. Antes de la versión 0.1.21, XGrammar presentaba un problema de recursión infinita en la gramática. Este problema se ha resuelto en la versión 0.1.21.

25 Aug 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-25 22:15

Updated : 2025-08-26 13:41

NVD link : CVE-2025-57809

Mitre link : CVE-2025-57809

CVE.ORG link : CVE-2025-57809

JSON object : View

Products Affected

No product.

CWE

CWE-674

Uncontrolled Recursion

{"id": "CVE-2025-57809", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-25T22:15:33.297", "references": [{"url": "https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5", "source": "security-advisories@github.com"}, {"url": "https://github.com/mlc-ai/xgrammar/issues/250", "source": "security-advisories@github.com"}, {"url": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-674"}]}], "descriptions": [{"lang": "en", "value": "XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21."}, {"lang": "es", "value": "XGrammar es una librer\u00eda de c\u00f3digo abierto para la generaci\u00f3n de estructuras eficiente, flexible y port\u00e1til. Antes de la versi\u00f3n 0.1.21, XGrammar presentaba un problema de recursi\u00f3n infinita en la gram\u00e1tica. Este problema se ha resuelto en la versi\u00f3n 0.1.21."}], "lastModified": "2025-08-26T13:41:58.950", "sourceIdentifier": "security-advisories@github.com"}