CVE-2025-57809

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-57809

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57809.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-57809

Aliases

GHSA-5cmr-4px5-23pc

Related

CGA-8344-8xrr-rp7x

Published

2025-08-25T21:22:00.226Z

Modified

2026-04-10T05:31:12.338831Z

Severity

7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P CVSS Calculator

Summary

XGrammar affected by Denial of Service by infinite recursion grammars

Details

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/57xxx/CVE-2025-57809.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-674"
    ]
}

References

Affected packages

Git / github.com/mlc-ai/xgrammar

Affected ranges

Type: GIT
Repo: https://github.com/mlc-ai/xgrammar
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

774867ce410ce1c5c7c10011cc0a9e20bd7894e2

Affected versions

v0.*

v0.1.10

v0.1.11

v0.1.12

v0.1.13

v0.1.14

v0.1.15

v0.1.16

v0.1.18

v0.1.19

v0.1.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57809.json"