CVE-2025-65888 Overview
A dimension validation flaw exists in the flow.empty() component of OneFlow 0.9.0 that allows attackers to cause a Denial of Service (DoS) condition. The vulnerability occurs when the component fails to properly validate dimension values, permitting negative or excessively large dimension inputs that can crash the application or exhaust system resources.
Critical Impact
Remote attackers can exploit this input validation flaw to trigger a Denial of Service condition without authentication, potentially disrupting machine learning workflows and production systems relying on OneFlow.
Affected Products
- OneFlow 0.9.0
- OneFlow flow.empty() component
- Systems utilizing OneFlow tensor operations with user-supplied dimension parameters
Discovery Timeline
- 2026-01-28 - CVE-2025-65888 published to NVD
- 2026-01-29 - Last updated in NVD database
Technical Details for CVE-2025-65888
Vulnerability Analysis
This vulnerability is classified as CWE-400 (Uncontrolled Resource Consumption), manifesting specifically as an input validation failure in OneFlow's tensor creation functionality. The flow.empty() function is designed to create tensors with specified dimensions, but the implementation lacks proper boundary checks on dimension parameters.
When a user or attacker supplies a negative dimension value or an excessively large positive value, the function fails to reject these invalid inputs at the validation stage. This oversight can lead to memory allocation failures, resource exhaustion, or unexpected application behavior that results in service unavailability.
The vulnerability is particularly concerning in environments where OneFlow processes untrusted input, such as web services exposing machine learning inference APIs or multi-tenant GPU computing platforms.
Root Cause
The root cause stems from insufficient input validation in the dimension parameter handling logic of the flow.empty() component. The function does not implement proper bounds checking to ensure dimension values fall within acceptable ranges before attempting tensor allocation. Negative dimensions are logically invalid for tensor creation, while extremely large dimensions can trigger integer overflow conditions or memory exhaustion scenarios.
Attack Vector
The vulnerability is exploitable over the network without requiring authentication or user interaction. An attacker can craft malicious requests containing invalid dimension parameters and send them to any service that exposes OneFlow tensor operations. The attack requires low complexity to execute—simply passing a negative integer (e.g., -1) or an extremely large value to the dimension parameter of flow.empty() can trigger the DoS condition.
The attack does not compromise data confidentiality or integrity, but successfully terminates or hangs the target process, causing complete loss of availability for affected services.
Detection Methods for CVE-2025-65888
Indicators of Compromise
- Unexpected application crashes or terminations in OneFlow-based services
- Error logs showing memory allocation failures or invalid dimension exceptions
- Process hangs with abnormally high memory consumption during tensor operations
- Repeated requests containing negative or extremely large integer values in tensor dimension parameters
Detection Strategies
- Monitor application logs for dimension-related errors or exceptions in flow.empty() calls
- Implement input validation logging to detect anomalous dimension values before they reach OneFlow functions
- Deploy application-level rate limiting to identify potential DoS attack patterns
- Use runtime monitoring to detect memory exhaustion or unusual resource consumption patterns
Monitoring Recommendations
- Set up alerting for OneFlow process crashes or unexpected restarts
- Monitor system memory usage for sudden spikes correlated with tensor creation operations
- Track API request patterns for dimension parameters outside normal operational ranges
- Implement health checks that verify OneFlow service responsiveness
How to Mitigate CVE-2025-65888
Immediate Actions Required
- Update OneFlow to a patched version when available from the vendor
- Implement input validation at the application layer to reject negative or excessively large dimension values before passing to flow.empty()
- Restrict network access to OneFlow-based services to trusted sources only
- Deploy web application firewalls or API gateways to filter malicious input patterns
Patch Information
Users should monitor the OneFlow GitHub Repository for security updates addressing this vulnerability. The issue has been documented in GitHub Issue #10664. Contact the OneFlow maintainers or check the OneFlow Official Site for official patch announcements and updated releases.
Workarounds
- Implement wrapper functions that validate dimension parameters before calling flow.empty(), ensuring values are positive and within reasonable bounds
- Deploy application-level exception handling to gracefully catch and recover from dimension-related failures
- Use containerization with resource limits to prevent a single crash from affecting the entire system
- Consider running OneFlow in isolated environments to limit the blast radius of potential DoS attacks
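An added example, not code from OneFlow or from this advisory: a validation wrapper of the kind the first workaround describes, which also logs rejected values as suggested under Detection Strategies. The limits, the logger name and the names validate_shape, safe_empty and ShapeRejected are assumptions; the allocator is passed in (for example `safe_empty(shape, flow.empty)`) so the check runs without OneFlow installed.

```python
import logging
import math
import operator

log = logging.getLogger("tensor_guard")  # hypothetical logger name

# Assumed policy limits, not OneFlow values; size them to the real workload.
MAX_RANK = 8
MAX_ELEMENTS = 2**28  # about 1 GiB of float32


class ShapeRejected(ValueError):
    """A requested tensor shape failed validation."""


def validate_shape(shape, max_rank=MAX_RANK, max_elements=MAX_ELEMENTS):
    """Return the shape as a tuple of ints, or raise ShapeRejected."""
    dims = tuple(shape) if isinstance(shape, (list, tuple)) else (shape,)
    if not 1 <= len(dims) <= max_rank:
        raise ShapeRejected(f"rank {len(dims)} outside 1..{max_rank}")
    checked = []
    for d in dims:
        # bool is an int subclass; floats and strings fail operator.index().
        if isinstance(d, bool):
            raise ShapeRejected(f"non-integer dimension {d!r}")
        try:
            d = operator.index(d)
        except TypeError:
            raise ShapeRejected(f"non-integer dimension {d!r}") from None
        # Positive and bounded per dimension; report the bit length rather
        # than the value so an enormous integer is never formatted.
        if not 1 <= d <= max_elements:
            raise ShapeRejected(
                f"dimension ({d.bit_length()} bits) outside 1..{max_elements}")
        checked.append(d)
    # Python ints do not wrap, so the element count is exact.
    total = math.prod(checked)
    if total > max_elements:
        raise ShapeRejected(f"{total} elements exceeds cap {max_elements}")
    return tuple(checked)


def safe_empty(shape, allocator, **kwargs):
    """Validate, log any rejection, then call allocator (e.g. flow.empty)."""
    try:
        dims = validate_shape(shape)
    except ShapeRejected as exc:
        log.warning("rejected tensor shape: %s", exc)
        raise
    return allocator(*dims, **kwargs)
```

The per-dimension check alone is not enough: two dimensions that each pass can still multiply past the element cap, which is why the product is checked separately.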

