CVE-2025-57809

HIGH

XGrammar <0.1.21 - Info Disclosure


Description

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21.

Scores

CVSS v3 7.5
EPSS 0.0003
EPSS Percentile 9.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-674
Status published
Products (2)
mlc-ai/xgrammar < 0.1.21
pypi/xgrammar 0 - 0.1.21
Published Aug 25, 2025
Tracked Since Feb 18, 2026