CVE-2025-57809 is a high-severity vulnerability identified in the open-source library xgrammar, developed by mlc-ai. xgrammar is designed for efficient, flexible, and portable structured generation, commonly used in applications requiring grammar-based parsing or generation. The vulnerability is classified under CWE-674, which pertains to uncontrolled recursion. Specifically, versions of xgrammar prior to 0.1.21 contain a flaw where certain grammar definitions can cause infinite recursion during processing. This uncontrolled recursion can lead to resource exhaustion, such as stack overflow or excessive CPU consumption, ultimately resulting in denial of service (DoS). The vulnerability has a CVSS 4.0 base score of 7.7, indicating a high impact. The vector indicates that the vulnerability is remotely exploitable (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and no authentication (AT:N). The impact is primarily on availability (VA:H), with no confidentiality or integrity impact. The issue was resolved in version 0.1.21 of xgrammar. No known exploits are currently reported in the wild. The vulnerability arises from the library's grammar processing logic, where recursive grammar rules are not properly bounded or checked, allowing an attacker to craft input that triggers infinite recursion. This can cause the application using xgrammar to crash or become unresponsive, potentially disrupting services that rely on it.

For European organizations, the impact of this vulnerability depends on the extent to which xgrammar is integrated into their software stacks. Organizations using xgrammar versions prior to 0.1.21 in production environments face risks of denial of service attacks, which could disrupt critical services, especially those relying on automated structured generation or parsing. This could affect sectors such as finance, telecommunications, and government services where uptime and reliability are critical. Since the vulnerability requires no authentication or user interaction, it could be exploited remotely by attackers to cause service outages. The lack of confidentiality or integrity impact limits the risk of data breaches, but availability disruptions can lead to operational downtime, loss of productivity, and reputational damage. Given the open-source nature of xgrammar, organizations embedding it in proprietary or open-source projects may be unaware of the vulnerability until disclosed, increasing exposure. The absence of known exploits in the wild suggests limited immediate threat, but proactive patching is essential to prevent future exploitation.

European organizations should immediately audit their software dependencies to identify any usage of xgrammar versions prior to 0.1.21. Where found, upgrading to version 0.1.21 or later is the primary mitigation step. If upgrading is not immediately feasible, organizations should implement input validation to detect and block inputs that could trigger recursive grammar expansions. Employing runtime monitoring to detect abnormal CPU or memory usage patterns indicative of infinite recursion can enable early detection and mitigation of exploitation attempts. Additionally, sandboxing or isolating components using xgrammar can limit the impact of potential crashes. Organizations should also subscribe to mlc-ai and relevant security advisories to receive timely updates on patches and exploit reports. Incorporating fuzz testing focused on grammar inputs can help identify similar recursion issues proactively in custom grammar definitions. Finally, integrating automated dependency scanning tools into the CI/CD pipeline can prevent vulnerable versions from being deployed.