{"id":"CVE-2025-58446","summary":"xgrammar vulnerable to denial of service by huge enum grammar","details":"xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars (\u003e100k characters) at very low rates, and can be used for DOS of model providers. This issue is fixed in version 0.1.24.","aliases":["GHSA-9q5r-wfvf-rr7f"],"modified":"2026-04-12T18:25:22.033875Z","published":"2025-09-06T19:06:10.141Z","related":["CGA-xpmr-v9x4-g3pw"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58446.json","cwe_ids":["CWE-770"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58446.json"},{"type":"ADVISORY","url":"https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-9q5r-wfvf-rr7f"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58446"},{"type":"FIX","url":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mlc-ai/xgrammar","events":[{"introduced":"0"},{"last_affected":"16e5298ed9b74fba1c8674b21996b0f47d95276d"},{"fixed":"ced69c3ad2f8f61b516cc278a342e7c644383e27"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.1.23"}]}}],"versions":["v0.1.10","v0.1.11","v0.1.12","v0.1.13","v0.1.14","v0.1.15","v0.1.16","v0.1.18","v0.1.19","v0.1.21","v0.1.22","v0.1.23","v0.1.9"],"database_specific":{"vanir_signatures":[{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["179810654982026507596327346937254522910","120804389206531764393735081983451247867","53130283339634625886101859336639844599","283043820088650212597251689064209513436","301544643683622969122371940377896571089","111618244743284106387277465826898980342","100317301590433056096145872387848597079","211840011579278160574657911357158015129","27501351056793903879514013667172719077","332786902724282427277335891023154185401","154604611506602014903431370579370446036","191796935466032675057647974516319306733","195418045415408812359938322547398966525","37865285775983714858605539632981205044","59621662351859118079509022285214293500","215145808692823905193734002305599844930","156757560910924684256121595550640884832","84791414479665693800693069460543818931","247662617775739443886656214538723705020","27557949123666632923636994201730839431","278311377572334103716361043118744031783","150612208090992708843287798489692216959","44769436334076296535390772656846478428","309179949169957924999413001252839705038","317235888133890191755845390705872407482","159210282327346407856310833515947248381","44479799184854619364611737823719144823","276568259243044633302922960558841747660","320180724621997719076425155858836358873","226623995030843086049462462062364460726","290474400235145294010816006515969108786","278513104821611817536275313915076663517","4673132117142091050757882635298128680","321190893225820197475295782418382520065","253970365416795940107815491429758261764","219249697710415729971168519754561996685","4782723150209890039850067497391072093","332615740631294983225814078449734214635"]},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/earley_parser.h"},"id":"CVE-2025-58446-044479bc"},{"deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"302639118348788553224940390545566869968","length":762},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/grammar_printer.cc","function":"GrammarPrinter::PrintGrammarExpr"},"id":"CVE-2025-58446-194aef7e"},{"deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"172792112736910810557844565124458982019","length":2153},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/grammar_matcher.cc","function":"GrammarMatcher::Impl::AcceptToken"},"id":"CVE-2025-58446-29ca50f3"},{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["56080762061893791002981800371633200640","247022838996726987168913400362756957700","202133637672257738254718743439354295800","271474753884181508874849572505829898309"]},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/grammar_printer.h"},"id":"CVE-2025-58446-3033c2c5"},{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["112602105549582667306141772884017295243","290114025757052205614330659170531752057","284953303541646043173278010257420815707","334746197421685558192593913632315912205","23081141040025620050228882120394284267","278654988761765839728035762871728394403","213637105284858322136516203613684860827","258143106701226113119277786585343713592","225150031649387234099421299353661623152","162449157244741876946417407261686013122","213637105284858322136516203613684860827","89453615333203428228201514713003108374","102359382548462645904481650346470720696","93645492643116031182342171681034887546","213637105284858322136516203613684860827","320723770394138636998480480743650996323","238705892392041646434746151382961814981","239871070092842836011307325226125487831","213637105284858322136516203613684860827","33307362423652960446989677629754687958","321150299856368541597330531350287270859","181936368725909379807286537545768500610","221346334416083420645806746583779066197","63682230209161739298451952468303254410","217994316834081635478758358086457246611","37622784773015334631167881138330955669","118099976026844752298718480912723645817","158220170352223602384565751986955485354","243929470410724651353729230595458244555","176419493348848584949806985845009281073","41856708646213280184411278384269372506","313337898360373727391297690422323789059","148892105555365465588273885184618088218","4559006041789472558342338987666710502","146069397238487851524658222071920272768","262959542742484598388249244598389517024","192832911726129789556511590078870413927","57296480559174731575738812769031535561","327870077173291655947432327219024629997","216964185090453587483842216194632037809","313789315093159465720913512419975429738","147849508820353021636251184628367424558"]},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/grammar_functor.cc"},"id":"CVE-2025-58446-39b5d715"},{"deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"186933299382862111432599159024461122201","length":4726},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/earley_parser.cc","function":"EarleyParser::ExpandNextRuleRefElement"},"id":"CVE-2025-58446-41c1f497"},{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["76976321002181969116286274254612032641","32413394207906780995553128824714196869","330512433761045668027299319416480915397","164326009664550215229377015397246476693","21988859267345046041904216902788612306","17900290981952813225037210136924408005","85038710006734271529159048060736596973","218788085897112864748164702673671875595","248621222943330950073510017140747338243","69194878513836723940926386106083775340","279873156865449961373933284855101065024","142500692912870226746661662135745967522","68332181293610271667429699132656835932","76260659282348004510395108937583943422","251139003313780225379902896668293241541","12808934738918675345417845519996673461","54549334220360948120483299823753953765","11478254437545044110706115845366734596","217431673871101205243791076001839907086","223282064915209770460835083331035605285","285468802348942091210318403141444400192","83558431965929011439024154414918539091"]},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/grammar_matcher.cc"},"id":"CVE-2025-58446-5fd96eae"},{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["301951675587110767567120384660367481351","30331493308804867493284790567244068732","206147384760578736552268015727578390479"]},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/grammar_builder.h"},"id":"CVE-2025-58446-62053a18"},{"deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"161438819130424822980505800123432504714","length":1231},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/earley_parser.cc","function":"EarleyParser::Complete"},"id":"CVE-2025-58446-87b29b35"},{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["52513561194766093539239326439894073869","35270670210275857423566860302300858380","276478607534805384252902961663473019548","232313305004682284909132123150548401795","63740613574296071008310519920731888916","132584850972305923057454636073598875788","49726015488209987358954912530492457394","274638103728385002388219568853720791066","143923764043491049735801809712858426685","235622727082815536597233203483959573121","233128129431973304421960728809327849132","210700579132393051244022797413406130062","325591489616152253273390995574909315566","283484006195963793809761559996238760190","246313072942588656165935913276834422406","67097161299901339044508170918982500672","300925042820194240548959146292893713962","337692875098935941052241961359249277954","17159449519238521517642428435238245412","20253402103687417232209628733145687562","195157769708263932295493956745441431005","305947519849032275954931112004360604505","283767348263668019166319314593961624727","64163066046628423791442097777399295192","276912932185304992985940528086553647818","245373129073375153176168752904527791695","285145308583884040385803590056214460370","113120077081988808723830082092806962759","223951763501910709292208689405271748675","310685912795573966435028204539227241723","147277511117184611609720550074735448745","294201773578493170407011666392349704680","140078398773832233702903531724797654541","321724381636880443976205149328306668289","179706689997285272109234767521703583824","50503696620692465680048503108391193889","66679956821880937229532857766932922144","150609598635491699169810420764249333427","326824579550149206165542522054337132131","287145725404071539119265717002722750831","198206050183770245470015710624426802799","112493624523598311786922164005779463618","180007669265582039138365141033921620963","160636536448341257406955113771741878338"]},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/grammar_parser.cc"},"id":"CVE-2025-58446-98b4a8c5"},{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["73393687711908575317387899963301738671","232903381353737600172437576191564984664","55065053845102197411071047094060954759","303132192066328872255910006175371034387","185852490813239765803765652511833633342","76308316555300124921463589841822251127","312370628461931439589781080668418910641","278010630476125924142618573619515767638","136657677755080091143987877774370923157","259144844069977430199478391335199495216","307986542320564116806643074881994409009","200067490960072819924224020929648299708","183941639361789496225329165104671273978"]},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/grammar_functor.h"},"id":"CVE-2025-58446-9f93e3ec"},{"deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"11346293221467573360197784199299924289","length":3111},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/grammar_compiler.cc","function":"GrammarCompiler::Impl::MultiThreadCompileGrammar"},"id":"CVE-2025-58446-a1ba3f92"},{"deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"58117636399936332832491857875034132333","length":1113},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/earley_parser.cc","function":"EarleyParser::Predict"},"id":"CVE-2025-58446-a2ef5ea3"},{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["280173064313620117186367827620017368631","336813842979378075880122604523451666307","180377210299423167722827750503810881078","139059663655162312864771771272058683027","164024896408126083146001159864896003717","185347464607807551849852840584795434981","13311781242364370378673633072824459363","202965978844347261409512126534103469910","150731580044531446982288713005731003888","188093570816381291260230135722961454472","90802078147079544816468350698218451922","330113472461932780913961945342028263372","302673001035674056643229627464515469159","73706315817951693166139307602016983015","41756153826833458468393585010066662305","253640785102368339129573301106270109189","72057121555251073151837220070740799327","243029927631015238867636224253336163196","300575693884566794351483504743051513062","120392025729317665008855304023611560901","80806876545059057656313788431873022417","208888989794756079074655382964460549906","94674502220262594903052533055776822524","318569291675341055771356799256018560405","144873458189387824614560187583530759986","67248256592462250968318009631341149614","141536307755006770300625701031161266707","152215995417949396420967204466928115171","55317791937287062046636931836096882628","86611479786127483008652378786951099044","59718292683083346516649721581825450698","241405947753129884231569085355029811378","231426217816778544377790135278335468542","85642828722929890092993447104061072211","175069749550598425075641666959367042516","188582444875505251558724528443083334214","178759373617834010399715212796358497811","168620805770496913801742825877675050029","130596002888383318454873105978310994896","142250126056930842890343820997785799418","159139401060426554832452324842923181277","322118466615214194072240720757180921545","127122957221155223419911026239869475983","6939465198132055453552296677933480197","157824706626945326935174182520923508271","4551797425834678600350693893819053579","61091929257065138446416058234148376546","217573831779513840458304191541462188609","107394358618114421740300492370749272360","295091387267597016322105227028524907581","135850898561855283238493188766028741792","332270724133347353749885078253237804155","80021291123778005437330157285044072116","166180118740604798652662152487810111158","123800432833856074561518069600093318749","89394802994335962171523694340412998699"]},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/grammar_compiler.cc"},"id":"CVE-2025-58446-b53c921d"},{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["219166121743849751364954461428376843708","13249645532835272597314404891774955349","288988468955998196030935675077464573952","296248579205329396438645478671491951259","10344201825860528105228224400349575390","292389528776242712793759154625537765780","266101692155548921129075249601064699967","228979531845780385577143605778254321638","146408757075001900296208802180805018853","12598781889083368085675548006863831135","8731400529852480907886429508402791150","42902284288264443173117431282836113014","102481632529664340984895060976956625162","16164282735726715127581001007108207176","126618458550900479670412436442781607939","283403012818113115298024456803577360051","2124488587400758337436671087210559152","62328480155296567832115228747882344996","144375790173716425885953218121596677760","205215892409190705596549140107773233451","207756498780017842663723332025695911167","229234342560300325154534679029984399583","16051796312696265037731275805456752470","30929068931846674539003798942780869495","323892136319894279214617299501675223800","233274614161855900731534910191892423532","58559931032367457753173542144392517654","237334063425101614219700585306571431324","197775890749643360148506216658977835594","243980556882210687679527058461074493369","223107949625623543082729621704055240069","186337955961914798670130077597475160264","107001045830900699671500243233337390187","47042827199614221336493521894045987247","203407545197517212486057027374324118847","206704509863398245212238537887658288083","25418460421610973440526468153250420322","213838934792678850345477946870945926776","110029092430358350614173937463582715606","148586814163814199339430504100346409519","179320625903692620126697052257518018669","162605712851770514391701634618157945620","201323386390887994709482205914221357499","226376960646314093785934540623291219869","50091104779911715157414553770217045384","207777099126891364026959173885880206216","259279305327104109538745401632790249056","243475652724618975542507896295501980801","232477640707522716580004420499059051241","313854801603506711089056539472484497284","264289372196619194994378116903196020237","126058693869678905114969735366831582617","147121794209921226479034224947800997552","226482554715152497959561424952784416910","323892136319894279214617299501675223800","202819228287960469669893904860740663455","240014972408478441561836441747609828713"]},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/earley_parser.cc"},"id":"CVE-2025-58446-bbee0160"},{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["335040960939950666287347340331506140112","249942524477838473762085424400236949889","229385348172569596021058882053774487130","333046638404792702224217561479368888815","275897725690191794815297670657246794301","322095619265353083905706580931418470406","190229094778990894819198876336942005302"]},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/grammar_printer.cc"},"id":"CVE-2025-58446-c8bbaf96"},{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["236897495767803709110547615586371074368","301795451858242039821045680291715873495","283503370883019972256429827929722085105","319212724476970492248183335427457408225","9188236784881316996639570927704936946","285679526337355381558359880595441580179","183053670714551328381109191626948884139","66119448870426486874459144381988682483","105248154711930948496474843452038938422","315185931123126630393013448759311563171","119728113273511598471268069022936292779","247337949350827216418744265223510996048","193670926277526504254015288417886849010","229382206123939099018648279504496899848","117079922470267448815514581171160035694"]},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/grammar_impl.h"},"id":"CVE-2025-58446-d3e699a7"},{"deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"24021563019220537387460125884267839688","length":1460},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/grammar_parser.cc","function":"EBNFParser::HandleRepetitionRange"},"id":"CVE-2025-58446-eede1961"},{"deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"294019817607821468271453521369723363456","length":795},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/grammar_compiler.cc","function":"GrammarMatcherForTokenMaskCache::IsTokenPassLookaheadAssertion"},"id":"CVE-2025-58446-f6347b03"},{"deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"165877701480443407759217814872025261082","length":477},"source":"https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27","target":{"file":"cpp/grammar_functor.cc","function":"SeqExprIsEpsilon"},"id":"CVE-2025-58446-fe58a21d"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58446.json","vanir_signatures_modified":"2026-04-12T18:25:22Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}]}