CVE-2025-32381: xgrammar Vulnerable to Denial of Service (DoS) by abusing unbounded cache in memory

April 9, 2025

Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system making use of xgrammar can be abused to fill up a host’s memory and case a denial of service. For example, sending many small requests to an LLM inference server with unique JSON schemas would eventually cause this denial of service to occur.

References

github.com/advisories/GHSA-389x-67px-mjg3
github.com/mlc-ai/xgrammar
github.com/mlc-ai/xgrammar/pull/243
github.com/mlc-ai/xgrammar/security/advisories/GHSA-389x-67px-mjg3
github.com/vllm-project/vllm/pull/16283
nvd.nist.gov/vuln/detail/CVE-2025-32381

Code Behaviors & Features

Detect and mitigate CVE-2025-32381 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →