CVE-2025-57809 Overview
CVE-2025-57809 is an infinite recursion vulnerability affecting XGrammar, an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar contains a flaw in its grammar processing that can trigger infinite recursion, leading to a denial of service condition. This issue has been resolved in version 0.1.21 through a significant architectural change that replaces the pushdown automata with an Earley parser.
Critical Impact
Attackers can remotely trigger infinite recursion in XGrammar's grammar processing, causing application crashes and denial of service without requiring authentication or user interaction.
Affected Products
- mlc-ai XGrammar versions prior to 0.1.21
Discovery Timeline
- August 25, 2025 - CVE-2025-57809 published to NVD
- September 9, 2025 - Last updated in NVD database
Technical Details for CVE-2025-57809
Vulnerability Analysis
The vulnerability resides in XGrammar's grammar parsing implementation, which previously used a pushdown-automaton approach. This design introduced a critical flaw where certain grammar constructs could trigger uncontrolled recursive function calls (CWE-674). When processing specially crafted input, the parser would recurse without bound, consuming stack space until the application crashed or became unresponsive.
The vulnerability is exploitable over the network without requiring any privileges or user interaction, making it particularly dangerous for applications that expose XGrammar's functionality to untrusted input sources. The impact is limited to availability—there is no direct compromise of confidentiality or integrity, but the denial of service can be severe for production systems relying on this library for structured generation tasks.
Root Cause
The root cause is the lack of recursion depth limiting in the pushdown-automaton-based grammar parser. The original implementation did not include safeguards against grammar rules that could create cycles or deeply nested recursive patterns, allowing malicious or malformed input to exploit this behavior.
Attack Vector
An attacker can exploit this vulnerability by submitting specially crafted grammar rules or input that triggers the recursive parsing path. Since the attack vector is network-based and requires no authentication, any application exposing XGrammar's parsing functionality to external input is potentially vulnerable. The attack does not require complex conditions to execute successfully.
// Security patch showing architectural change to Earley parser
// Source: https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5
#include <utility>
#include <vector>
+#include "earley_parser.h"
+
// matcher_data_structure.h is included to use StackElement
#include "persistent_stack.h"
#include "support/dynamic_bitset.h"
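Review bot: the unchanged context comment `// matcher_data_structure.h is included to use StackElement` no longer matches the include it annotates (`#include "persistent_stack.h"`); since this hunk already edits the include block, update the comment to name persistent_stack.h or drop it. Note also that only the added `#include "earley_parser.h"` is visible here; the removal of the pushdown-automaton code described in this advisory is not in the excerpt, so the actual replacement has to be checked against the linked commit.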
The fix introduces an Earley parser to replace the vulnerable pushdown automata implementation. The Earley parsing algorithm is better suited to handle complex grammar constructs without falling into infinite recursion, as it uses a chart-based approach rather than recursive descent.
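To make the root cause and the shape of the fix concrete, the following is an added example written for this page; it is not XGrammar's code and does not reproduce its grammar format or its Earley implementation. It walks a constructed left-recursive toy grammar three ways: a naive recursive top-down recognizer that shows the CWE-674 pattern (it calls itself with identical arguments before consuming any input), the same recognizer behind a hypothetical application-level depth budget of the kind the workaround list suggests, and a small textbook chart-based Earley recognizer, which accepts the same grammar with bounded work because every chart item is inserted at most once. The grammars, inputs and function names are all assumptions made for the example.

```python
"""Added example, not XGrammar's code: a toy left-recursive grammar walked
by (a) a naive recursive top-down recognizer that exhibits the CWE-674
pattern, (b) the same recognizer behind a hypothetical application-level
depth budget, and (c) a small chart-based Earley recognizer, the family of
algorithm the fix adopts.  Grammars and inputs are constructed.
"""

# Rule bodies are tuples of symbols.  Names present as keys are
# nonterminals; anything else is a literal one-character terminal.
# Neither grammar has empty (nullable) rules; the Earley recognizer
# below relies on that to keep its completion step simple.
LEFT_RECURSIVE = {                     # Sum -> Sum "+" Num | Num
    "Sum": [("Sum", "+", "Num"), ("Num",)],
    "Num": [("d",)],
}
RIGHT_RECURSIVE = {                    # Sum -> Num "+" Sum | Num
    "Sum": [("Num", "+", "Sum"), ("Num",)],
    "Num": [("d",)],
}


def naive_recognize(grammar, symbol, text, pos, depth=0, max_depth=None):
    """Return the set of end positions reachable by matching `symbol` at `pos`.

    On a left-recursive rule the first thing the walker does is call itself
    with identical arguments, so the recursion never bottoms out.  In a
    native implementation that is a stack overflow; here Python raises
    RecursionError at its own limit.  `max_depth` is the hypothetical
    application-level guard: when set, the runaway becomes a clean
    exception early instead of exhausting the stack.
    """
    if max_depth is not None and depth > max_depth:
        raise RecursionError("grammar recursion budget exceeded")
    if symbol not in grammar:                       # terminal
        return {pos + 1} if pos < len(text) and text[pos] == symbol else set()
    ends = set()
    for body in grammar[symbol]:
        positions = {pos}
        for sym in body:
            positions = {
                e for p in positions
                for e in naive_recognize(grammar, sym, text, p, depth + 1, max_depth)
            }
            if not positions:
                break
        ends |= positions
    return ends


def guarded_check(grammar, text, max_depth=64):
    """Wrap the naive walker in a depth budget and report a verdict string."""
    try:
        ends = naive_recognize(grammar, "Sum", text, 0, max_depth=max_depth)
    except RecursionError:
        return "rejected: recursion budget exceeded"
    return "match" if len(text) in ends else "no match"


def earley_recognize(grammar, start, text):
    """Chart-based Earley recognizer.

    Items are (lhs, body, dot, origin).  Every item is inserted into a
    chart set at most once, so a left-recursive prediction finds its item
    already present and stops: work per position is bounded by the number
    of distinct items, and there is no call stack to blow.
    """
    n = len(text)
    chart = [set() for _ in range(n + 1)]
    chart[0].add(("<start>", (start,), 0, 0))
    for i in range(n + 1):
        worklist = list(chart[i])
        while worklist:
            lhs, body, dot, origin = worklist.pop()
            if dot < len(body):
                nxt = body[dot]
                if nxt in grammar:                              # predict
                    for rule in grammar[nxt]:
                        item = (nxt, rule, 0, i)
                        if item not in chart[i]:
                            chart[i].add(item)
                            worklist.append(item)
                elif i < n and text[i] == nxt:                  # scan
                    chart[i + 1].add((lhs, body, dot + 1, origin))
            else:                                               # complete
                for plhs, pbody, pdot, porigin in list(chart[origin]):
                    if pdot < len(pbody) and pbody[pdot] == lhs:
                        item = (plhs, pbody, pdot + 1, porigin)
                        if item not in chart[i]:
                            chart[i].add(item)
                            worklist.append(item)
    return ("<start>", (start,), 1, 0) in chart[n]


if __name__ == "__main__":
    print(guarded_check(RIGHT_RECURSIVE, "d+d"))          # match
    print(guarded_check(LEFT_RECURSIVE, "d+d"))           # rejected: recursion budget exceeded
    print(earley_recognize(LEFT_RECURSIVE, "Sum", "d+d"))  # True
```

The point to take from the guarded variant is that a depth budget only converts the crash into a rejection; it does not make left-recursive grammars usable. The chart-based recognizer does both, which is why the upstream fix is an algorithm change rather than a limit.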
Detection Methods for CVE-2025-57809
Indicators of Compromise
- Abnormally high CPU utilization in processes using XGrammar library
- Stack overflow crashes in applications utilizing grammar parsing functionality
- Repeated application restarts or service interruptions correlating with grammar processing requests
- Memory consumption spikes followed by process termination
Detection Strategies
- Monitor application logs for stack overflow exceptions or segmentation faults in XGrammar-related code paths
- Implement resource monitoring to detect runaway CPU or memory usage in services using XGrammar
- Deploy application performance monitoring (APM) to identify hung or unresponsive grammar processing threads
- Review dependency manifests to identify XGrammar versions prior to 0.1.21
Monitoring Recommendations
- Set up alerts for process crashes in applications using the XGrammar library
- Implement request timeout monitoring for endpoints that process grammar-based input
- Track resource consumption metrics (CPU, memory, thread count) for services utilizing XGrammar
- Enable core dump collection to assist in post-incident analysis of crash events
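The detection and monitoring items above can be turned into a concrete correlation rule. The following is an added example, not part of this advisory or of XGrammar: it reads constructed application log lines, treats ERROR/FATAL records that mention xgrammar together with a stack overflow, segmentation fault or SIGSEGV as crash events, attributes each to the grammar-bearing request that preceded it (by request id when the crash line carries one, otherwise by a short time window), and flags any client that accounts for at least a threshold number of such crashes. The log format, field names, client addresses and threshold are assumptions made for the example.

```python
"""Added example, not XGrammar's code: crash-to-request correlation for the
detection strategy described above, run over constructed log lines."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<level>[A-Z]+) (?P<msg>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
CRASH_MARKERS = ("stack overflow", "segmentation fault", "sigsegv")

# Constructed sample: two crashes traceable to client 10.0.0.5's grammar
# requests, and one unattributable crash well after 10.0.0.7's request.
SAMPLE_LOG = """\
2025-09-01T10:00:01Z INFO request_id=r1 client=10.0.0.5 route=/v1/generate grammar=true
2025-09-01T10:00:02Z ERROR worker pid=4242 "stack overflow in xgrammar grammar compile" request_id=r1
2025-09-01T10:00:07Z INFO request_id=r2 client=10.0.0.9 route=/v1/generate grammar=false
2025-09-01T10:00:08Z INFO request_id=r3 client=10.0.0.5 route=/v1/generate grammar=true
2025-09-01T10:00:09Z ERROR worker pid=4243 "segmentation fault (SIGSEGV) in xgrammar worker" request_id=r3
2025-09-01T10:00:20Z INFO request_id=r4 client=10.0.0.7 route=/v1/generate grammar=true
2025-09-01T10:00:30Z ERROR worker pid=4244 "segmentation fault in xgrammar worker"
"""


def parse_line(line):
    """Split a line into (timestamp, level, key/value fields, raw message)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m.group("ts").replace("Z", "+00:00"))
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("msg"))}
    return ts, m.group("level"), fields, m.group("msg")


def is_xgrammar_crash(level, msg):
    """Crash record from the grammar library: severity plus a stack/segfault marker."""
    low = msg.lower()
    return level in ("ERROR", "FATAL") and "xgrammar" in low and any(k in low for k in CRASH_MARKERS)


def correlate_crashes(lines, window=timedelta(seconds=5), threshold=2):
    """Return {client: [(request_id, crash message), ...]} for clients whose
    grammar requests were followed by at least `threshold` xgrammar crashes."""
    pending = []                      # grammar requests awaiting a crash match
    hits = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if not parsed:
            continue
        ts, level, fields, msg = parsed
        if fields.get("grammar") == "true":
            pending.append((ts, fields.get("client"), fields.get("request_id")))
        elif is_xgrammar_crash(level, msg):
            rid = fields.get("request_id")
            match = None
            for req in reversed(pending):          # newest request first
                if (rid is not None and req[2] == rid) or (rid is None and ts - req[0] <= window):
                    match = req
                    break
            if match:
                pending.remove(match)
                hits[match[1]].append((match[2], msg))
    return {client: crashes for client, crashes in hits.items() if len(crashes) >= threshold}


if __name__ == "__main__":
    for client, crashes in correlate_crashes(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT client={client} xgrammar_crashes={len(crashes)}")
```

In production the same logic would read from the log pipeline rather than a string, and the per-client threshold and window should be tuned against the normal crash rate of the service so that a single unrelated worker death does not page anyone.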
How to Mitigate CVE-2025-57809
Immediate Actions Required
- Upgrade XGrammar to version 0.1.21 or later immediately
- Audit all applications and services for XGrammar dependency usage
- Implement input validation and size limits for grammar-related inputs as a defense-in-depth measure
- Consider temporarily disabling grammar processing features in production until patching is complete
Patch Information
The vulnerability has been addressed in XGrammar version 0.1.21. The fix involves a significant architectural change, replacing the pushdown automata parser with an Earley parser implementation that properly handles recursive grammar constructs. The security patch is available via the GitHub Commit. Additional details can be found in the GitHub Security Advisory.
Workarounds
- Implement request timeouts for any operations involving grammar parsing
- Add recursion depth limits at the application level if possible
- Deploy rate limiting on endpoints that accept grammar input to reduce attack surface
- Isolate XGrammar processing in sandboxed environments to contain potential crashes
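The timeout and isolation workarounds above can be combined in one wrapper. The following is an added example, not XGrammar's code and not from this advisory: grammar handling for untrusted input is run in a throwaway child interpreter under a wall-clock timeout and an address-space cap, so a runaway recursion or a native crash kills the child rather than the serving process, and the parent receives a verdict it can log or feed to the alerting above. The child scripts at the bottom are constructed stand-ins for the real grammar call (a clean run, a hang, an abort); the 512 MiB cap and the function names are assumptions made for the example.

```python
"""Added example, not XGrammar's code: process isolation plus timeout for
grammar handling of untrusted input, with a verdict for the caller."""
import signal
import subprocess
import sys

# Prelude executed first in the child: cap address space so a runaway
# cannot exhaust host memory.  512 MiB is illustrative; size it for the
# real workload.  `resource` is POSIX-only, hence the broad guard.
CHILD_PRELUDE = """
try:
    import resource
    _cap = 512 * 1024 * 1024
    resource.setrlimit(resource.RLIMIT_AS, (_cap, _cap))
except Exception:
    pass
"""


def run_isolated(child_code: str, timeout_s: float = 5.0) -> str:
    """Run `child_code` in a fresh interpreter and classify the outcome.

    Verdicts: "ok", "timeout" (killed after `timeout_s`), "crashed:<SIG>"
    (died from a signal, which is how a native stack overflow surfaces),
    or "error:<rc>" (non-zero exit).  The parent never shares a stack or
    heap with the child, so none of these outcomes can crash the caller.
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-c", CHILD_PRELUDE + child_code],
            capture_output=True,
            timeout=timeout_s,
        )
    except subprocess.TimeoutExpired:
        return "timeout"            # subprocess.run has already killed the child
    if proc.returncode < 0:
        return f"crashed:{signal.Signals(-proc.returncode).name}"
    if proc.returncode != 0:
        return f"error:{proc.returncode}"
    return "ok"


# Constructed child scripts standing in for a grammar compile/match call.
CHILD_OK = "print('grammar compiled')"
CHILD_HANG = "while True:\n    pass"          # parser that never returns
CHILD_CRASH = "import os\nos.abort()"         # stand-in for a native stack overflow


if __name__ == "__main__":
    for name, code in [("ok", CHILD_OK), ("hang", CHILD_HANG), ("crash", CHILD_CRASH)]:
        print(name, "->", run_isolated(code, timeout_s=1.0))
```

A process per request is the simplest containment and is fine for low request rates; for higher throughput the same verdict logic applies to a pool of pre-forked workers that are recycled on any non-"ok" outcome.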
# Upgrade XGrammar to the patched version (quote the spec: an unquoted ">=" is a shell redirection)
pip install --upgrade "xgrammar>=0.1.21"
# Verify installed version
pip show xgrammar | grep Version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.