CVE-2025-32381 – xgrammar
Package
Manager: pip
Name: xgrammar
Vulnerable Version: >=0 <0.1.18
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00086 pctl0.25675
Details
xgrammar Vulnerable to Denial of Service (DoS) by abusing unbounded cache in memory

### Summary
xgrammar includes an in-memory cache of compiled grammars so that repeated use of the same grammar does not pay the compilation cost again. Because the cache has no size limit, a system that uses xgrammar can be driven to fill up the host's memory and cause a denial of service: each distinct grammar that is compiled stays resident for the lifetime of the process. For example, sending many small requests to an LLM inference server, each carrying a unique JSON schema, adds one compiled grammar per request and eventually exhausts memory.

### Details
The fix adds a limit on the cache size. This was done in https://github.com/mlc-ai/xgrammar/pull/243

An example of making use of the new cache size limit can be found in vLLM here: https://github.com/vllm-project/vllm/pull/16283

Upgrading to a fixed version supplies the limit; applications that embed xgrammar should confirm they actually configure it, as vLLM does in the linked PR.

### Impact
Any system that uses xgrammar and accepts grammars or JSON schemas from potentially untrusted parties is exposed to this denial of service.
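The following is an added example, not code from xgrammar, vLLM or the advisory, that models the failure mode described above and the shape of the fix. It uses a stand-in `compile_grammar` that produces a fixed 64 KiB artifact per schema (hypothetical; xgrammar's real compiler and its cache API are not used), contrasts an unbounded dict-backed cache with an LRU cache capped by resident bytes, and replays constructed attacker traffic of unique JSON schemas against both.

```python
import hashlib
import json
from collections import OrderedDict
from typing import Any, Dict


def compile_grammar(schema: Dict[str, Any]) -> bytes:
    """Stand-in for grammar compilation (hypothetical, not xgrammar's compiler).

    Every distinct schema yields a distinct 64 KiB artifact, roughly mimicking a
    per-grammar token-mask table that dominates the cache's footprint.
    """
    canonical = json.dumps(schema, sort_keys=True).encode()
    return hashlib.sha256(canonical).digest() * 2048  # 32 bytes * 2048 = 65536


def cache_key(schema: Dict[str, Any]) -> str:
    return json.dumps(schema, sort_keys=True)


class UnboundedGrammarCache:
    """Pre-fix behaviour (CWE-770): every distinct schema stays resident forever."""

    def __init__(self) -> None:
        self._entries: Dict[str, bytes] = {}

    def get_or_compile(self, schema: Dict[str, Any]) -> bytes:
        key = cache_key(schema)
        if key not in self._entries:
            self._entries[key] = compile_grammar(schema)
        return self._entries[key]

    def resident_bytes(self) -> int:
        return sum(len(v) for v in self._entries.values())

    def __len__(self) -> int:
        return len(self._entries)


class BoundedGrammarCache:
    """Post-fix shape: LRU eviction keeps resident bytes at or below a limit."""

    def __init__(self, limit_bytes: int) -> None:
        if limit_bytes <= 0:
            raise ValueError("limit_bytes must be positive")
        self.limit_bytes = limit_bytes
        self._entries: "OrderedDict[str, bytes]" = OrderedDict()
        self._resident = 0

    def get_or_compile(self, schema: Dict[str, Any]) -> bytes:
        key = cache_key(schema)
        if key in self._entries:
            self._entries.move_to_end(key)  # mark as most recently used
            return self._entries[key]
        compiled = compile_grammar(schema)
        if len(compiled) > self.limit_bytes:
            return compiled  # too large to retain; serve it without caching
        # Evict least recently used entries until the new artifact fits.
        while self._resident + len(compiled) > self.limit_bytes:
            _, evicted = self._entries.popitem(last=False)
            self._resident -= len(evicted)
        self._entries[key] = compiled
        self._resident += len(compiled)
        return compiled

    def resident_bytes(self) -> int:
        return self._resident

    def __len__(self) -> int:
        return len(self._entries)


def flood(cache, n_requests: int) -> int:
    """Constructed attacker traffic: n small requests, each with a unique schema.

    Returns the cache's resident size in bytes after the flood.
    """
    for i in range(n_requests):
        schema = {"type": "object", "properties": {f"field_{i}": {"type": "string"}}}
        cache.get_or_compile(schema)
    return cache.resident_bytes()


if __name__ == "__main__":
    print("unbounded:", flood(UnboundedGrammarCache(), 1000), "bytes")
    print("bounded:  ", flood(BoundedGrammarCache(64 * 65536), 1000), "bytes")
```

With 1000 unique schemas the unbounded cache grows linearly (here 64 MiB and rising with every request), while the bounded cache plateaus at its limit. The limit has to be chosen by the deploying application relative to available memory and the size of compiled grammars for its tokenizer; a limit that is never set is the same as no limit.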
Metadata
Created: 2025-04-09T13:08:59Z
Modified: 2025-04-09T19:53:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-389x-67px-mjg3/GHSA-389x-67px-mjg3.json
CWE IDs: ["CWE-770"]
Alternative ID: GHSA-389x-67px-mjg3
Finding: F002
Auto approve: 1