CVE-2025-65887 Overview
A division-by-zero vulnerability exists in the flow.floor_divide() component of OneFlow v0.9.0, a high-performance deep learning framework. This vulnerability allows attackers to cause a Denial of Service (DoS) condition by supplying a crafted input tensor containing zero values. When the vulnerable function processes such malformed input, it triggers an unhandled arithmetic exception that crashes the application or service.
Critical Impact
Attackers can remotely crash OneFlow-based machine learning applications and services by providing specially crafted tensor inputs containing zero values to the floor_divide() function, causing complete service disruption.
Affected Products
- OneFlow v0.9.0
- Applications and services built using OneFlow v0.9.0 that expose tensor operations
- Machine learning inference pipelines utilizing the flow.floor_divide() function
Discovery Timeline
- 2026-01-28 - CVE CVE-2025-65887 published to NVD
- 2026-01-29 - Last updated in NVD database
Technical Details for CVE-2025-65887
Vulnerability Analysis
This vulnerability is a classic division-by-zero condition that occurs when the flow.floor_divide() function in OneFlow receives a tensor with zero values as the divisor operand. The function performs element-wise floor division on tensors but fails to properly validate that the divisor tensor does not contain zero values before executing the division operation.
When exploited, the arithmetic exception propagates up through the call stack, resulting in immediate application termination. In production environments where OneFlow powers machine learning inference services, this vulnerability can be leveraged to repeatedly crash the service, effectively creating a denial of service condition.
The vulnerability requires no special privileges to exploit, only the ability to provide input data to the affected function. In networked ML serving environments where user-provided data flows into tensor operations, this creates a significant attack surface.
Root Cause
The root cause is insufficient input validation in the flow.floor_divide() component. The function does not perform bounds checking or zero-value validation on the divisor tensor before executing the floor division operation. When a zero appears in any position of the divisor tensor, the CPU or GPU instruction encounters a division-by-zero condition, which triggers a hardware exception that is not caught or handled gracefully by the OneFlow runtime.
Attack Vector
The attack vector is network-based, requiring user interaction in the form of providing malicious input. An attacker can exploit this vulnerability by:
- Identifying an application or service that uses OneFlow's flow.floor_divide() function
- Crafting an input tensor where the divisor contains zero values at one or more positions
- Submitting this malformed tensor through whatever interface the application exposes (API endpoint, file upload, etc.)
- The vulnerable function processes the input without validation and crashes when attempting the division
The vulnerability is exploitable remotely in scenarios where ML models accept external input data that eventually flows into tensor division operations. This is common in inference servers, data processing pipelines, and interactive ML applications.
Detection Methods for CVE-2025-65887
Indicators of Compromise
- Unexpected application crashes with arithmetic exception or SIGFPE signals in logs
- Repeated segmentation faults or process terminations in OneFlow-based services
- Error logs indicating division-by-zero conditions in tensor operations
- Service availability issues coinciding with processing of specific input data
Detection Strategies
- Monitor application crash logs for SIGFPE (floating point exception) signals
- Implement input validation logging to track tensor values entering floor_divide() operations
- Set up process monitoring to detect abnormal restart patterns in ML services
- Review OneFlow debug output for unhandled arithmetic exceptions
Monitoring Recommendations
- Configure alerting for repeated service crashes within short time windows
- Implement health check endpoints that verify tensor operation integrity
- Enable detailed exception logging in OneFlow applications to capture crash context
- Monitor resource consumption patterns that may indicate DoS attack attempts
How to Mitigate CVE-2025-65887
Immediate Actions Required
- Audit code for usage of flow.floor_divide() function with external input data
- Implement input validation to check divisor tensors for zero values before calling floor_divide
- Add exception handling around tensor division operations to prevent service crashes
- Consider rate limiting or input sanitization for externally-facing ML services
Patch Information
As of the last NVD update on 2026-01-29, no official patch has been released. Users should monitor the OneFlow GitHub Repository for security updates. The vulnerability details are tracked in Oneflow Issue #10665.
Workarounds
- Wrap all flow.floor_divide() calls in try-except blocks to catch arithmetic exceptions
- Implement a validation function that checks divisor tensors for zero values before processing
- Replace flow.floor_divide() with a custom implementation that handles zero divisors gracefully
- Isolate tensor operations in separate processes to prevent cascade failures
# Workaround: Validate divisor tensor before floor_divide operation
import oneflow as flow
def safe_floor_divide(dividend, divisor):
# Check for zero values in divisor tensor
if flow.any(divisor == 0):
raise ValueError("Divisor tensor contains zero values")
return flow.floor_divide(dividend, divisor)
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

