Vulnerability-Lookup

CVE-2025-58446 (GCVE-0-2025-58446)

Vulnerability from cvelistv5 – Published: 2025-09-06 19:06 – Updated: 2025-09-08 17:55

Title

xgrammar vulnerable to denial of service by huge enum grammar

Summary

xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars (>100k characters) at very low rates, and can be used for DOS of model providers. This issue is fixed in version 0.1.24.

Severity ?

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	mlc-ai	xgrammar	Affected: = 0.1.23, < 0.1.24

CERTFR-2025-AVI-0967

Vulnerability from certfr_avis - Published: 2025-11-05 - Updated: 2025-11-05

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu Platform	File Integrity Monitoring pour VMware Tanzu Platform versions antérieures à 2.1.49
VMware	Tanzu Platform	Cloud Service Broker pour Azure pour VMware Tanzu Platform versions antérieures à 1.13.1
VMware	Tanzu Platform	AI Services pour VMware Tanzu Platform versions antérieures à 10.3.0
VMware	Tanzu Platform	Scheduler pour VMware Tanzu Platform versions antérieures à 2.0.21
VMware	Tanzu Platform	Foundation Core pour VMware Tanzu Platform versions antérieures à 3.1.4
VMware	Tanzu Platform	Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.2.4+LTS-T
VMware	Tanzu Platform	Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 6.0.21+LTS-T
VMware	Tanzu Platform	.NET Core Buildpack versions antérieures à 2.4.64
VMware	Tanzu Platform	VMware Tanzu Data Flow sur Tanzu Platform versions antérieures à 2.0.0
VMware	Tanzu Platform	Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.2.4
VMware	Tanzu Platform	CredHub Secrets Management pour VMware Tanzu Platform versions antérieures à 1.6.7
VMware	Tanzu Platform	Extended App Support pour Tanzu Platform versions antérieures à 1.0.8
VMware	Tanzu Platform	Go Buildpack versions antérieures à 1.10.57
VMware	Tanzu Platform	VMware Tanzu RabbitMQ sur Tanzu Platform versions antérieures à 10.1.0
VMware	Tanzu Platform	NodeJS Buildpack versions antérieures à 1.8.61
VMware	Tanzu Platform	Foundation Core pour VMware Tanzu Platform versions antérieures à 3.2.0
VMware	Tanzu Platform	Application Services pour VMware Tanzu Platform versions antérieures à 3.3.11
VMware	Tanzu Platform	IPsec Encryption pour VMware Tanzu Platform versions antérieures à 1.9.68

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 36323	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36343	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2025-99	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36305	2025-11-04	vendor-advisory
Bulletin de sécurité VMware 36345	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2025-53	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2025-81	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2024-41	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36334	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36335	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36340	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36319	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36339	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36322	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36321	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2025-68	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36336	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36318	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36337	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36346	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2025-81	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36317	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36344	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36341	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36314	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2024-41	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36332	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36304	2025-11-04	vendor-advisory
Bulletin de sécurité VMware 36342	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36333	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2025-99	2025-11-05	vendor-advisory
Bulletin de sécurité VMware 36338	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2025-53	2025-11-05	vendor-advisory
Bulletin de sécurité VMware DSA-2025-68	2025-11-05	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "File Integrity Monitoring pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.1.49",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Service Broker pour Azure pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.13.1",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "AI Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.0",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Scheduler pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.0.21",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.1.4",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4+LTS-T",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.21+LTS-T",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": ".NET Core Buildpack versions ant\u00e9rieures \u00e0 2.4.64",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Tanzu Data Flow sur Tanzu Platform versions ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "CredHub Secrets Management pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.6.7",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Extended App Support pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.8",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Go Buildpack versions ant\u00e9rieures \u00e0 1.10.57",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Tanzu RabbitMQ sur Tanzu Platform versions ant\u00e9rieures \u00e0 10.1.0",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.61",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.2.0",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Application Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.3.11",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "IPsec Encryption pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.9.68",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2020-2754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
    },
    {
      "name": "CVE-2020-2756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
    },
    {
      "name": "CVE-2020-2805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
    },
    {
      "name": "CVE-2020-2830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
    },
    {
      "name": "CVE-2020-2757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
    },
    {
      "name": "CVE-2020-2800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
    },
    {
      "name": "CVE-2020-2803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
    },
    {
      "name": "CVE-2020-2755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
    },
    {
      "name": "CVE-2020-2781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
    },
    {
      "name": "CVE-2020-2773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
    },
    {
      "name": "CVE-2020-14579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
    },
    {
      "name": "CVE-2020-14577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
    },
    {
      "name": "CVE-2020-14578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
    },
    {
      "name": "CVE-2020-14621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
    },
    {
      "name": "CVE-2020-14583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
    },
    {
      "name": "CVE-2020-14581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
    },
    {
      "name": "CVE-2020-14664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14664"
    },
    {
      "name": "CVE-2020-14593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
    },
    {
      "name": "CVE-2020-14556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
    },
    {
      "name": "CVE-2020-14796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
    },
    {
      "name": "CVE-2020-14792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
    },
    {
      "name": "CVE-2020-14779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
    },
    {
      "name": "CVE-2020-14798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
    },
    {
      "name": "CVE-2020-14797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
    },
    {
      "name": "CVE-2020-14781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
    },
    {
      "name": "CVE-2020-14782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
    },
    {
      "name": "CVE-2021-2161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
    },
    {
      "name": "CVE-2021-2163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
    },
    {
      "name": "CVE-2021-2388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
    },
    {
      "name": "CVE-2021-2341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
    },
    {
      "name": "CVE-2021-2369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
    },
    {
      "name": "CVE-2021-35603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
    },
    {
      "name": "CVE-2021-35560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
    },
    {
      "name": "CVE-2021-35586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
    },
    {
      "name": "CVE-2021-35559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
    },
    {
      "name": "CVE-2021-35567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
    },
    {
      "name": "CVE-2021-35578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
    },
    {
      "name": "CVE-2021-35550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
    },
    {
      "name": "CVE-2021-35561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
    },
    {
      "name": "CVE-2021-35565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
    },
    {
      "name": "CVE-2021-35588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
    },
    {
      "name": "CVE-2021-35564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
    },
    {
      "name": "CVE-2021-35556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
    },
    {
      "name": "CVE-2022-21349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
    },
    {
      "name": "CVE-2022-21291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
    },
    {
      "name": "CVE-2022-21340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
    },
    {
      "name": "CVE-2022-21282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
    },
    {
      "name": "CVE-2022-21271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21271"
    },
    {
      "name": "CVE-2022-21341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
    },
    {
      "name": "CVE-2022-21365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
    },
    {
      "name": "CVE-2022-21305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
    },
    {
      "name": "CVE-2022-21360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
    },
    {
      "name": "CVE-2022-21296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
    },
    {
      "name": "CVE-2022-21293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
    },
    {
      "name": "CVE-2022-21248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
    },
    {
      "name": "CVE-2022-21299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
    },
    {
      "name": "CVE-2022-21294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
    },
    {
      "name": "CVE-2022-3602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
    },
    {
      "name": "CVE-2022-21476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
    },
    {
      "name": "CVE-2022-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
    },
    {
      "name": "CVE-2022-29526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
    },
    {
      "name": "CVE-2022-3996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
    },
    {
      "name": "CVE-2022-21434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
    },
    {
      "name": "CVE-2022-21426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
    },
    {
      "name": "CVE-2022-1434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
    },
    {
      "name": "CVE-2022-1292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
    },
    {
      "name": "CVE-2022-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
    },
    {
      "name": "CVE-2022-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
    },
    {
      "name": "CVE-2022-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
    },
    {
      "name": "CVE-2022-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
    },
    {
      "name": "CVE-2022-21541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
    },
    {
      "name": "CVE-2022-21540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
    },
    {
      "name": "CVE-2022-3358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
    },
    {
      "name": "CVE-2022-21626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
    },
    {
      "name": "CVE-2022-21619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
    },
    {
      "name": "CVE-2022-21628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
    },
    {
      "name": "CVE-2022-21624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
    },
    {
      "name": "CVE-2023-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
    },
    {
      "name": "CVE-2023-21843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2022-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2023-21954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2023-22049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
    },
    {
      "name": "CVE-2023-22045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
    },
    {
      "name": "CVE-2023-22067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2023-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
    },
    {
      "name": "CVE-2024-20918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
    },
    {
      "name": "CVE-2024-20945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
    },
    {
      "name": "CVE-2024-20952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
    },
    {
      "name": "CVE-2024-20919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
    },
    {
      "name": "CVE-2024-20926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
    },
    {
      "name": "CVE-2024-20921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
    },
    {
      "name": "CVE-2023-30584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30584"
    },
    {
      "name": "CVE-2023-39332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
    },
    {
      "name": "CVE-2023-38552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
    },
    {
      "name": "CVE-2023-39331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2023-36632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
    },
    {
      "name": "CVE-2023-6597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
    },
    {
      "name": "CVE-2024-21011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
    },
    {
      "name": "CVE-2024-21094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
    },
    {
      "name": "CVE-2024-21068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
    },
    {
      "name": "CVE-2023-46809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
    },
    {
      "name": "CVE-2024-22019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
    },
    {
      "name": "CVE-2024-21085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
    },
    {
      "name": "CVE-2024-21892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
    },
    {
      "name": "CVE-2024-27983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
    },
    {
      "name": "CVE-2025-9231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
    },
    {
      "name": "CVE-2025-41244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
    },
    {
      "name": "CVE-2025-9230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
    },
    {
      "name": "CVE-2025-9232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
    },
    {
      "name": "CVE-2025-8291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
    },
    {
      "name": "CVE-2025-55248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
    },
    {
      "name": "CVE-2025-58754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
    },
    {
      "name": "CVE-2025-55315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
    },
    {
      "name": "CVE-2023-39333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39333"
    },
    {
      "name": "CVE-2023-5752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
    },
    {
      "name": "CVE-2024-22017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
    },
    {
      "name": "CVE-2024-22025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
    },
    {
      "name": "CVE-2024-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
    },
    {
      "name": "CVE-2024-4032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
    },
    {
      "name": "CVE-2024-5642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
    },
    {
      "name": "CVE-2024-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
    },
    {
      "name": "CVE-2024-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
    },
    {
      "name": "CVE-2024-21138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
    },
    {
      "name": "CVE-2024-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
    },
    {
      "name": "CVE-2024-21144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
    },
    {
      "name": "CVE-2024-21145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
    },
    {
      "name": "CVE-2024-21147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
    },
    {
      "name": "CVE-2024-27982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
    },
    {
      "name": "CVE-2024-6923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
    },
    {
      "name": "CVE-2024-3219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
    },
    {
      "name": "CVE-2025-55754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
    },
    {
      "name": "CVE-2025-55752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
    },
    {
      "name": "CVE-2025-58056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
    },
    {
      "name": "CVE-2025-58057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
    },
    {
      "name": "CVE-2025-47910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
    },
    {
      "name": "CVE-2025-40025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40025"
    },
    {
      "name": "CVE-2025-40026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
    },
    {
      "name": "CVE-2025-40027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
    },
    {
      "name": "CVE-2024-21890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
    },
    {
      "name": "CVE-2024-21891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
    },
    {
      "name": "CVE-2024-21896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
    },
    {
      "name": "CVE-2025-53057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
    },
    {
      "name": "CVE-2025-53066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
    },
    {
      "name": "CVE-2025-61748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
    },
    {
      "name": "CVE-2023-52969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52969"
    },
    {
      "name": "CVE-2023-52970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52970"
    },
    {
      "name": "CVE-2024-21510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21510"
    },
    {
      "name": "CVE-2024-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3446"
    },
    {
      "name": "CVE-2024-3447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3447"
    },
    {
      "name": "CVE-2024-4467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4467"
    },
    {
      "name": "CVE-2024-58266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58266"
    },
    {
      "name": "CVE-2024-6505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6505"
    },
    {
      "name": "CVE-2024-7409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7409"
    },
    {
      "name": "CVE-2024-8244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8244"
    },
    {
      "name": "CVE-2025-46551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46551"
    },
    {
      "name": "CVE-2025-54798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54798"
    },
    {
      "name": "CVE-2025-58446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58446"
    },
    {
      "name": "CVE-2025-58767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
    },
    {
      "name": "CVE-2025-59425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59425"
    },
    {
      "name": "CVE-2025-59830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
    },
    {
      "name": "CVE-2025-61620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61620"
    },
    {
      "name": "CVE-2025-61770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
    },
    {
      "name": "CVE-2025-61771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
    },
    {
      "name": "CVE-2025-61772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
    },
    {
      "name": "CVE-2025-61780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
    },
    {
      "name": "CVE-2025-61919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
    },
    {
      "name": "CVE-2025-61921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61921"
    },
    {
      "name": "CVE-2025-6242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6242"
    },
    {
      "name": "CVE-2025-61795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
    },
    {
      "name": "CVE-2025-47906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
    },
    {
      "name": "CVE-2024-6232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
    },
    {
      "name": "CVE-2024-22018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
    },
    {
      "name": "CVE-2024-22020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
    },
    {
      "name": "CVE-2024-27980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27980"
    },
    {
      "name": "CVE-2024-36137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36137"
    },
    {
      "name": "CVE-2024-36138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
    },
    {
      "name": "CVE-2024-37372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37372"
    },
    {
      "name": "CVE-2024-38229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38229"
    },
    {
      "name": "CVE-2024-43483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43483"
    },
    {
      "name": "CVE-2024-43484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43484"
    },
    {
      "name": "CVE-2024-43485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43485"
    },
    {
      "name": "CVE-2024-21208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
    },
    {
      "name": "CVE-2024-21210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
    },
    {
      "name": "CVE-2024-21217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
    },
    {
      "name": "CVE-2024-21235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
    },
    {
      "name": "CVE-2024-7592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
    },
    {
      "name": "CVE-2024-8088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
    },
    {
      "name": "CVE-2024-11168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
    },
    {
      "name": "CVE-2024-47554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
    },
    {
      "name": "CVE-2025-21502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
    },
    {
      "name": "CVE-2025-23083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
    },
    {
      "name": "CVE-2025-23084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
    },
    {
      "name": "CVE-2025-23085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
    },
    {
      "name": "CVE-2025-0938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
    },
    {
      "name": "CVE-2024-47535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
    },
    {
      "name": "CVE-2024-50602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
    },
    {
      "name": "CVE-2025-1094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
    },
    {
      "name": "CVE-2025-1795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
    },
    {
      "name": "CVE-2024-45336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2024-45341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
    },
    {
      "name": "CVE-2025-22866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2025-21574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
    },
    {
      "name": "CVE-2025-21575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
    },
    {
      "name": "CVE-2025-21577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
    },
    {
      "name": "CVE-2025-21579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
    },
    {
      "name": "CVE-2025-21580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
    },
    {
      "name": "CVE-2025-21581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
    },
    {
      "name": "CVE-2025-21584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
    },
    {
      "name": "CVE-2025-21585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
    },
    {
      "name": "CVE-2025-30681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
    },
    {
      "name": "CVE-2025-30682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
    },
    {
      "name": "CVE-2025-30683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
    },
    {
      "name": "CVE-2025-30684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
    },
    {
      "name": "CVE-2025-30685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
    },
    {
      "name": "CVE-2025-30687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
    },
    {
      "name": "CVE-2025-30688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
    },
    {
      "name": "CVE-2025-30689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
    },
    {
      "name": "CVE-2025-30693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
    },
    {
      "name": "CVE-2025-30695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
    },
    {
      "name": "CVE-2025-30696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
    },
    {
      "name": "CVE-2025-30699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
    },
    {
      "name": "CVE-2025-30703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
    },
    {
      "name": "CVE-2025-30704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
    },
    {
      "name": "CVE-2025-30705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
    },
    {
      "name": "CVE-2025-30715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
    },
    {
      "name": "CVE-2025-30721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
    },
    {
      "name": "CVE-2025-30722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30722"
    },
    {
      "name": "CVE-2025-21587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
    },
    {
      "name": "CVE-2025-30698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2025-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
    },
    {
      "name": "CVE-2025-4207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
    },
    {
      "name": "CVE-2025-4516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
    },
    {
      "name": "CVE-2024-9287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
    },
    {
      "name": "CVE-2025-23165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
    },
    {
      "name": "CVE-2025-23166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
    },
    {
      "name": "CVE-2025-23167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23167"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2025-22872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
    },
    {
      "name": "CVE-2025-52434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
    },
    {
      "name": "CVE-2025-53506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
    },
    {
      "name": "CVE-2025-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
    },
    {
      "name": "CVE-2025-30754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
    },
    {
      "name": "CVE-2025-30761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
    },
    {
      "name": "CVE-2025-50059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
    },
    {
      "name": "CVE-2025-50106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
    },
    {
      "name": "CVE-2025-50077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
    },
    {
      "name": "CVE-2025-50078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
    },
    {
      "name": "CVE-2025-50079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
    },
    {
      "name": "CVE-2025-50080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
    },
    {
      "name": "CVE-2025-50082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
    },
    {
      "name": "CVE-2025-50083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
    },
    {
      "name": "CVE-2025-50084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
    },
    {
      "name": "CVE-2025-50085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
    },
    {
      "name": "CVE-2025-50086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
    },
    {
      "name": "CVE-2025-50087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
    },
    {
      "name": "CVE-2025-50088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
    },
    {
      "name": "CVE-2025-50091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
    },
    {
      "name": "CVE-2025-50092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
    },
    {
      "name": "CVE-2025-50093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
    },
    {
      "name": "CVE-2025-50094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50094"
    },
    {
      "name": "CVE-2025-50096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
    },
    {
      "name": "CVE-2025-50097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
    },
    {
      "name": "CVE-2025-50098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
    },
    {
      "name": "CVE-2025-50099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
    },
    {
      "name": "CVE-2025-50100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
    },
    {
      "name": "CVE-2025-50101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
    },
    {
      "name": "CVE-2025-50102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
    },
    {
      "name": "CVE-2025-50104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
    },
    {
      "name": "CVE-2025-53023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
    },
    {
      "name": "CVE-2025-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
    },
    {
      "name": "CVE-2025-22874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
    },
    {
      "name": "CVE-2025-25186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
    },
    {
      "name": "CVE-2025-27221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
    },
    {
      "name": "CVE-2025-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
    },
    {
      "name": "CVE-2025-49014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2025-6069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
    },
    {
      "name": "CVE-2025-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
    },
    {
      "name": "CVE-2024-12254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
    },
    {
      "name": "CVE-2025-27210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
    },
    {
      "name": "CVE-2025-48989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
    },
    {
      "name": "CVE-2025-24293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24293"
    },
    {
      "name": "CVE-2025-55193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55193"
    },
    {
      "name": "CVE-2025-41242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
    },
    {
      "name": "CVE-2025-8713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
    },
    {
      "name": "CVE-2025-8714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
    },
    {
      "name": "CVE-2025-8715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
    },
    {
      "name": "CVE-2025-4674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
    },
    {
      "name": "CVE-2025-47907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
    },
    {
      "name": "CVE-2025-54410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
    },
    {
      "name": "CVE-2025-53864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
    },
    {
      "name": "CVE-2025-8885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
    },
    {
      "name": "CVE-2025-8916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
    },
    {
      "name": "CVE-2025-41248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
    },
    {
      "name": "CVE-2025-41249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
    }
  ],
  "initial_release_date": "2025-11-05T00:00:00",
  "last_revision_date": "2025-11-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0967",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36323",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36323"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36343",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36343"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-99",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36326"
    },
    {
      "published_at": "2025-11-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36305",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36305"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36345",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36345"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36329"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-81",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36316"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-41",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36331"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36334",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36334"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36335",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36335"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36340",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36340"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36319",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36319"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36339",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36339"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36322",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36322"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36321",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36321"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36324"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36336",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36336"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36318",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36318"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36337",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36337"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36346",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36346"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-81",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36315"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36317",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36317"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36344",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36344"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36341",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36341"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36314",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36314"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-41",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36330"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36332",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36332"
    },
    {
      "published_at": "2025-11-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36304",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36304"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36342",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36342"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36333",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36333"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-99",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36327"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36338",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36338"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36328"
    },
    {
      "published_at": "2025-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36325"
    }
  ]
}

FKIE_CVE-2025-58446

Vulnerability from fkie_nvd - Published: 2025-09-06 19:15 - Updated: 2025-09-18 15:57

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27	Patch
	security-advisories@github.com	https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-9q5r-wfvf-rr7f	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mlc-ai	xgrammar	0.1.23

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mlc-ai:xgrammar:0.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9934AC-C515-4013-8BA9-28088A2BD4A8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars (\u003e100k characters) at very low rates, and can be used for DOS of model providers. This issue is fixed in version 0.1.24."
    }
  ],
  "id": "CVE-2025-58446",
  "lastModified": "2025-09-18T15:57:02.380",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.9,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-06T19:15:38.733",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-9q5r-wfvf-rr7f"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-9Q5R-WFVF-RR7F

Vulnerability from github – Published: 2025-09-05 21:10 – Updated: 2025-09-10 20:51

Summary

xgrammar vulnerable to denial of service by huge enum grammar

Details

Summary

Provided grammar, would fit in a context window of most of the models, but takes minutes to process in 0.1.23. In testing with 0.1.16 the parser worked fine so this seems to be a regression caused by Earley parser.

Details

Full reproducer provider in the POC section. The resulting grammar is around 70k tokens, and the grammar parsing itself (with the models I checked) was significantly longer than LLM processing itself, meaning this can be used to DOS model providers.

Patch

This problem is caused by the grammar optimizer introduced in v0.1.23 being too slow. It only happens for very large grammars (>100k characters), like the below one. v0.1.24 solved this problem by optimizing the speed of the grammar optimizer and disable some slow optimization for large grammars.

Thanks to @Seven-Streams

PoC

import string
import random

def enum_schema(size=10000,str_len=10):
    enum =  {"enum": ["".join(random.choices(string.ascii_uppercase, k=str_len)) for _ in range(size)]}
    schema = {
        "definitions": {
            "colorEnum": enum
        },
        "type": "object",
        "properties": {
            "color1": {
                "$ref": "#/definitions/colorEnum"
            },
            "color2": {
                "$ref": "#/definitions/colorEnum"
            },
            "color3": {
                "$ref": "#/definitions/colorEnum"
            },
            "color4": {
                "$ref": "#/definitions/colorEnum"
            },
            "color5": {
                "$ref": "#/definitions/colorEnum"
            },
            "color6": {
                "$ref": "#/definitions/colorEnum"
            },
            "color7": {
                "$ref": "#/definitions/colorEnum"
            },
            "color8": {
                "$ref": "#/definitions/colorEnum"
            }
        },
        "required": [
                "color1",
                "color2"
         ]
    }
    return schema

schema_enum = enum_schema()
print(schema_enum)
print(test_schema(schema_enum, {}))

where:

def test_schema(schema, instance):
    grammar = xgr.Grammar.from_json_schema(
        json.dumps(schema),
        strict_mode=True
    )
    return _is_grammar_accept_string(grammar, json.dumps(instance))

Impact

DOS

Severity ?

6.9 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "xgrammar"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.1.23"
            },
            {
              "fixed": "0.1.24"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.1.23"
      ]
    }
  ],
  "aliases": [
    "CVE-2025-58446"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-05T21:10:06Z",
    "nvd_published_at": "2025-09-06T19:15:38Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nProvided grammar, would fit in a context window of most of the models, but takes minutes to process in 0.1.23. In testing with 0.1.16 the parser worked fine so this seems to be a regression caused by Earley parser.\n\n### Details\n\nFull reproducer provider in the POC section. The resulting grammar is around 70k tokens, and the grammar parsing itself (with the models I checked) was significantly longer than LLM processing itself, meaning this can be used to DOS model providers.\n\n### Patch\n\nThis problem is caused by the grammar optimizer introduced in v0.1.23 being too slow. It only happens for very large grammars (\u003e100k characters), like the below one. v0.1.24 solved this problem by optimizing the speed of the grammar optimizer and disable some slow optimization for large grammars. \n\nThanks to @Seven-Streams \n\n### PoC\n```\nimport string\nimport random\n\ndef enum_schema(size=10000,str_len=10):\n    enum =  {\"enum\": [\"\".join(random.choices(string.ascii_uppercase, k=str_len)) for _ in range(size)]}\n    schema = {\n        \"definitions\": {\n            \"colorEnum\": enum\n        },\n        \"type\": \"object\",\n        \"properties\": {\n            \"color1\": {\n                \"$ref\": \"#/definitions/colorEnum\"\n            },\n            \"color2\": {\n                \"$ref\": \"#/definitions/colorEnum\"\n            },\n            \"color3\": {\n                \"$ref\": \"#/definitions/colorEnum\"\n            },\n            \"color4\": {\n                \"$ref\": \"#/definitions/colorEnum\"\n            },\n            \"color5\": {\n                \"$ref\": \"#/definitions/colorEnum\"\n            },\n            \"color6\": {\n                \"$ref\": \"#/definitions/colorEnum\"\n            },\n            \"color7\": {\n                \"$ref\": \"#/definitions/colorEnum\"\n            },\n            \"color8\": {\n                \"$ref\": \"#/definitions/colorEnum\"\n            }\n        },\n        \"required\": [\n                \"color1\",\n                \"color2\"\n         ]\n    }\n    return schema\n\nschema_enum = enum_schema()\nprint(schema_enum)\nprint(test_schema(schema_enum, {}))\n```\n\nwhere:\n```\ndef test_schema(schema, instance):\n    grammar = xgr.Grammar.from_json_schema(\n        json.dumps(schema),\n        strict_mode=True\n    )\n    return _is_grammar_accept_string(grammar, json.dumps(instance))\n```\n\n### Impact\nDOS",
  "id": "GHSA-9q5r-wfvf-rr7f",
  "modified": "2025-09-10T20:51:27Z",
  "published": "2025-09-05T21:10:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-9q5r-wfvf-rr7f"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58446"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mlc-ai/xgrammar/commit/ced69c3ad2f8f61b516cc278a342e7c644383e27"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mlc-ai/xgrammar"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ],
  "summary": "xgrammar vulnerable to denial of service by huge enum grammar"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-58446 (GCVE-0-2025-58446)

CERTFR-2025-AVI-0967

Solutions

FKIE_CVE-2025-58446

GHSA-9Q5R-WFVF-RR7F

Summary

Details

Patch

PoC

Impact

Tags

Sightings

Nomenclature