N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-57809

GHSA ID

GHSA-5cmr-4px5-23pc

EPSS Score

CWE

CWE-674

Published

8/25/2025

Updated

8/25/2025

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-57809

CVE-2025-57809: XGrammar affected by Denial of Service by infinite recursion grammars

Summary

This issue: http://github.com/mlc-ai/xgrammar/issues/250 should have it's own security advisory. Since several tools accept and pass user supplied grammars to xgrammar, and it is so easy to trigger it seems like a High.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-57809

GHSA ID

GHSA-5cmr-4px5-23pc

EPSS Score

CWE

CWE-674

Published

8/25/2025

Updated

8/25/2025

KEV Status

Technology

Python

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
xgrammar	pip	< 0.1.21	0.1.21

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is a denial of service caused by uncontrolled recursion when processing grammars with left-recursive rules. The root cause was the use of a recursive descent-like parser (GrammarMatcherBase) which is not capable of handling such grammars. An attacker could craft a malicious grammar that, when compiled or used for matching, would cause the application to enter an infinite loop and crash.

The patch addresses this vulnerability by replacing the entire parsing engine with an Earley parser. The Earley parsing algorithm is well-suited for handling all context-free grammars, including those with left-recursion. The core of the fix is in the new EarleyParser class and its methods, which are now used by GrammarMatcher and GrammarCompiler.

The vulnerable functions identified were the main entry points to the old, vulnerable parsing logic. Any application using xgrammar to process user-supplied grammars would have been at risk. The patch effectively eliminates this vulnerability by using a more robust parsing algorithm.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Summ*ry T*is issu*: *ttp://*it*u*.*om/ml*-*i/x*r*mm*r/issu*s/*** s*oul* **v* it's own s**urity **visory. Sin** s*v*r*l tools ****pt *n* p*ss us*r suppli** *r*mm*rs to x*r*mm*r, *n* it is so **sy to tri***r it s**ms lik* * *i**.

Reasoning

T** vuln*r**ility is * **ni*l o* s*rvi** **us** *y un*ontroll** r**ursion w**n pro**ssin* *r*mm*rs wit* l**t-r**ursiv* rul*s. T** root **us* w*s t** us* o* * r**ursiv* **s**nt-lik* p*rs*r (`*r*mm*rM*t***r**s*`) w*i** is not **p**l* o* **n*lin* su** *

N/A

Basic Information

Concerned about an active attack path?

CVE-2025-57809: XGrammar affected by Denial of Service by infinite recursion grammars

Summary

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI