CVE-2025-58446 – A denial-of-service vulnerability in xgrammar l... (How to Fix)

📋 TL;DR

A denial-of-service vulnerability in xgrammar library versions 0.1.23 allows attackers to cause resource exhaustion by processing large grammars (>100k characters) at very low rates. This affects any system using xgrammar for structured generation, particularly model providers and applications that process user-supplied grammars. The vulnerability is fixed in version 0.1.24.

💻 Affected Systems

Products:

xgrammar library

Versions: 0.1.23 only

Operating Systems: All platforms running Python

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems using the grammar optimizer feature introduced in 0.1.23.

📦 What is this software?

Xgrammar by Mlc Ai

View all CVEs affecting Xgrammar →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service unavailability due to CPU/memory exhaustion, disrupting model inference services and causing extended downtime.

🟠

Likely Case

Degraded performance and intermittent service disruptions when processing maliciously crafted large grammars.

🟢

If Mitigated

Minimal impact with proper input validation, rate limiting, and updated library versions.

🌐 Internet-Facing: HIGH - Public-facing services accepting grammar inputs are directly vulnerable to DoS attacks.

🏢 Internal Only: MEDIUM - Internal systems could be affected by malicious insiders or compromised internal users.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires only the ability to submit large grammar inputs to vulnerable endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.1.24

Vendor Advisory: https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-9q5r-wfvf-rr7f

Restart Required: No

Instructions:

1. Update xgrammar to version 0.1.24 using pip: pip install --upgrade xgrammar==0.1.24
2. Verify the update with: pip show xgrammar
3. Restart any services using xgrammar to load the new version.

🔧 Temporary Workarounds

Input size limitation

all

Implement input validation to reject grammars larger than 100k characters

# Python example:
if len(grammar_input) > 100000:
    raise ValueError('Grammar too large')

Rate limiting

all

Implement rate limiting on grammar processing endpoints

🧯 If You Can't Patch

Implement strict input validation to reject grammars >100k characters
Deploy WAF rules to block large grammar payloads at network perimeter

🔍 How to Verify

Check if Vulnerable:

Check xgrammar version: pip show xgrammar | grep Version. If version is 0.1.23, system is vulnerable.

Check Version:

pip show xgrammar | grep Version

Verify Fix Applied:

Verify xgrammar version is 0.1.24 or higher: pip show xgrammar | grep Version

📡 Detection & Monitoring

Log Indicators:

Unusually long processing times for grammar operations
High CPU/memory usage spikes during grammar processing
Repeated failed grammar processing attempts

Network Indicators:

Large payloads (>100k) sent to grammar processing endpoints
High volume of requests to grammar endpoints

SIEM Query:

source="application.logs" AND ("grammar processing" OR "xgrammar") AND (duration>10s OR memory_usage>90%)

📊 Metadata

CVE ID: CVE-2025-58446

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-770

EPSS Score: 0.09% exploit probability (25.7th percentile)

Published: September 6, 2025

Last Updated: September 18, 2025

🔗 References

https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27 Patch
https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-9q5r-wfvf-rr7f Exploit,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-58446, you might also want to check these: