CVE-2025-71002 Overview
CVE-2025-71002 is a floating-point exception (FPE) vulnerability in the flow.column_stack component of OneFlow v0.9.0. OneFlow is an open-source deep learning framework used for distributed model training. Attackers can trigger a Denial of Service (DoS) condition by supplying crafted input to the affected function. The flaw is classified under CWE-369: Divide By Zero. Exploitation requires user interaction, such as processing attacker-supplied data through a OneFlow pipeline. Successful exploitation crashes the running process, disrupting machine learning workloads.
Critical Impact
Remote attackers can crash OneFlow v0.9.0 processes by passing crafted input to flow.column_stack, causing service disruption in ML training and inference workflows.
Affected Products
- OneFlow v0.9.0
- flow.column_stack component
- Deep learning pipelines depending on OneFlow tensor operations
Discovery Timeline
- 2026-01-28 - CVE-2025-71002 published to NVD
- 2026-02-03 - Last updated in NVD database
Technical Details for CVE-2025-71002
Vulnerability Analysis
The vulnerability resides in OneFlow's flow.column_stack tensor-stacking operation. When the function receives a crafted input, an arithmetic operation reaches a divide-by-zero condition, raising a floating-point exception. The unhandled exception terminates the host process. Because the attack vector is network-based with low complexity and no privileges required, any workflow that processes untrusted tensor inputs is exposed. The impact is limited to availability — no data confidentiality or integrity loss occurs. See the upstream report at GitHub Issue #10657 for reproduction details.
Root Cause
The root cause is missing input validation on shape or dimension parameters passed to flow.column_stack. The implementation performs an arithmetic operation, likely a modulus or division involving a tensor dimension, without verifying that the divisor is non-zero. When a zero-valued dimension reaches the calculation, the CPU raises a floating-point exception that the runtime does not catch.
Attack Vector
An attacker delivers a maliciously shaped tensor or parameter set to a service or notebook that invokes flow.column_stack. Exploitation requires user interaction, such as a developer loading a crafted model artifact or dataset. Once the function executes against the input, the process aborts. Repeated exploitation prevents legitimate training or inference from completing.
No verified public exploit code is available. See the vendor issue tracker for technical details.
Detection Methods for CVE-2025-71002
Indicators of Compromise
- Unexpected process termination of Python interpreters running OneFlow workloads with SIGFPE exit status.
- Crash logs referencing flow.column_stack in stack traces.
- Repeated restart events for ML training jobs processing externally sourced tensors.
Detection Strategies
- Monitor application logs for floating-point exception signals originating from OneFlow processes.
- Inspect inbound model artifacts and datasets for tensors containing zero-valued dimensions before passing them to stacking operations.
- Correlate process crash telemetry with recent ingestion of untrusted data sources.
Monitoring Recommendations
- Track OneFlow process uptime and abnormal exit codes across training infrastructure.
- Alert on repeated abort signals (SIGFPE, exit code 136) in container or pod logs.
- Audit code paths that expose flow.column_stack to user-controlled input.
How to Mitigate CVE-2025-71002
Immediate Actions Required
- Restrict flow.column_stack invocations to validated, internally generated tensor inputs.
- Add input validation to reject tensors with zero-valued dimensions before they reach OneFlow operations.
- Isolate OneFlow workloads handling untrusted data inside sandboxed containers with automatic restart policies.
Patch Information
No fixed version is referenced in the NVD entry at the time of publication. Monitor the OneFlow GitHub repository and Issue #10657 for upstream remediation. Upgrade to a patched release once available, or apply a custom wrapper that validates inputs to flow.column_stack.
Workarounds
- Wrap calls to flow.column_stack with a validation layer that rejects inputs containing dimensions equal to zero.
- Catch FloatingPointError and arithmetic exceptions around tensor stacking operations to prevent process termination.
- Use process supervisors to auto-restart crashed workers while the underlying issue is being remediated.
# Configuration example: validate tensor shapes before column_stack
python -c "
import oneflow as flow
def safe_column_stack(tensors):
for t in tensors:
if 0 in t.shape:
raise ValueError('Rejecting tensor with zero-valued dimension')
return flow.column_stack(tensors)
"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
