Bug 2358639 (CVE-2025-32381, GHSA-389x-67px-mjg3)

Summary: CVE-2025-32381 xgrammar: xgrammar Vulnerable to Denial of Service (DoS) by abusing unbounded cache in memory
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: jeder
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in Xgrammar. This vulnerability allows a denial of service (DoS) via unbounded memory usage when handling a large number of unique grammar inputs from untrusted sources.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-04-09 15:02:13 UTC
### Summary

Xgrammar keeps an in-memory cache of compiled grammars so that repeated use of the same grammar is fast. Because that cache has no size bound, a system that compiles grammars on behalf of callers can be driven to exhaust the host's memory and cause a denial of service. For example, sending many small requests to an LLM inference server, each carrying a distinct JSON schema (and therefore a distinct grammar), adds a new cache entry per request and eventually triggers this denial of service.

### Details

The fix is to add a limit to the cache size. This was done upstream in https://github.com/mlc-ai/xgrammar/pull/243

An example of configuring the new cache size limit from a consuming project can be found in vLLM here: https://github.com/vllm-project/vllm/pull/16283
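The following is an added illustration, not code from xgrammar or vLLM, of the failure mode in the Summary and the fix pattern in the Details: a toy compiled-grammar cache keyed by the canonical JSON schema, first unbounded (every distinct schema is retained forever) and then bounded by a byte budget with least-recently-used eviction. `compile_grammar`, the cost model (compiled size is 16x the schema text), the two cache classes and the attacker's schema generator are all hypothetical stand-ins; the actual xgrammar cache and its limit parameter are in the pull requests linked above.

```python
"""Toy model of the unbounded compiled-grammar cache behind CVE-2025-32381.

Added example, not xgrammar's or vLLM's code: compile_grammar, the cache
classes and the cost model are hypothetical stand-ins used to show why an
unbounded cache is a DoS and how a byte-budgeted LRU cache contains it.
"""
import json
from collections import OrderedDict


def canonical_key(schema: dict) -> str:
    # Cache key: the schema in canonical JSON form, so the same schema sent
    # with different whitespace or key order hits the same entry.
    return json.dumps(schema, sort_keys=True, separators=(",", ":"))


def compile_grammar(key: str) -> bytes:
    # Stand-in for real grammar compilation. Constructed cost model: the
    # compiled artifact is 16x the schema text. Real compiled grammars are
    # larger and also cost CPU to build, which only makes the attack cheaper.
    return key.encode() * 16


class UnboundedGrammarCache:
    """Pre-fix behaviour: every distinct schema stays in memory forever."""

    def __init__(self) -> None:
        self._entries = {}
        self.hits = 0

    def get(self, schema: dict) -> bytes:
        key = canonical_key(schema)
        compiled = self._entries.get(key)
        if compiled is None:
            compiled = self._entries[key] = compile_grammar(key)
        else:
            self.hits += 1
        return compiled

    def __len__(self) -> int:
        return len(self._entries)

    def size_bytes(self) -> int:
        return sum(len(v) for v in self._entries.values())


class BoundedGrammarCache:
    """Fix pattern: least-recently-used cache with a hard byte budget."""

    def __init__(self, limit_bytes: int) -> None:
        self.limit_bytes = limit_bytes
        self._entries = OrderedDict()
        self._bytes = 0
        self.hits = 0

    def get(self, schema: dict) -> bytes:
        key = canonical_key(schema)
        if key in self._entries:
            self._entries.move_to_end(key)  # mark as most recently used
            self.hits += 1
            return self._entries[key]
        compiled = compile_grammar(key)
        if len(compiled) > self.limit_bytes:
            # Oversized grammar: serve it once but never retain it, otherwise
            # one huge schema could evict everything else or bypass the budget.
            return compiled
        while self._bytes + len(compiled) > self.limit_bytes:
            _, evicted = self._entries.popitem(last=False)  # drop LRU entry
            self._bytes -= len(evicted)
        self._entries[key] = compiled
        self._bytes += len(compiled)
        return compiled

    def __len__(self) -> int:
        return len(self._entries)

    def size_bytes(self) -> int:
        return self._bytes


def unique_schema(i: int) -> dict:
    # Constructed attacker input: each request carries a never-seen JSON
    # schema, so no request ever hits the cache.
    name = f"field_{i}"
    return {"type": "object", "properties": {name: {"type": "string"}}, "required": [name]}


def simulate_attack(cache, n_requests: int) -> tuple:
    """Send n_requests unique schemas; return (entries, bytes) the cache retains."""
    for i in range(n_requests):
        cache.get(unique_schema(i))
    return len(cache), cache.size_bytes()


if __name__ == "__main__":
    for cache in (UnboundedGrammarCache(), BoundedGrammarCache(limit_bytes=64 * 1024)):
        entries, size = simulate_attack(cache, 5000)
        print(f"{type(cache).__name__}: {entries} entries, {size} bytes retained")
```

Run it and the unbounded cache retains all 5000 entries (several megabytes under this toy cost model, and growing linearly with request count), while the bounded cache never exceeds its 64 KiB budget no matter how many unique schemas arrive. Two details matter when sizing a real limit: bound by bytes rather than entry count, since grammar sizes vary widely, and refuse to retain anything larger than the whole budget so a single oversized schema cannot defeat the bound.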

### Impact

Any system that uses Xgrammar and accepts requests carrying grammar or schema inputs from potentially untrusted parties is exposed to this denial of service; the attacker needs only the ability to submit requests, each with a new grammar, until the host runs out of memory.