CVE-2025-58446 is a medium-severity vulnerability classified under CWE-770, which pertains to the allocation of resources without limits or throttling. The affected product is xgrammar, an open-source library developed by mlc-ai designed for efficient, flexible, and portable structured generation. The vulnerability exists in version 0.1.23 and earlier versions prior to 0.1.24. Specifically, the issue arises from a grammar optimizer component introduced in version 0.1.23 that processes large grammars exceeding 100,000 characters at very low rates. This inefficient processing can be exploited to cause a denial-of-service (DoS) condition against model providers that utilize this library. The root cause is the lack of resource allocation limits or throttling mechanisms when handling large input grammars, which can lead to excessive consumption of CPU and memory resources, ultimately degrading service availability. The vulnerability does not require authentication, user interaction, or elevated privileges to exploit, and it can be triggered remotely (network vector). The CVSS 4.0 base score is 6.9, reflecting a medium severity level due to the potential impact on availability and the ease of exploitation. The issue has been addressed in version 0.1.24 of xgrammar, which implements appropriate resource management controls to prevent such abuse.

For European organizations, the primary impact of this vulnerability is the risk of denial-of-service attacks against services or applications that integrate the xgrammar library, particularly those providing AI model generation or structured data processing capabilities. Disruption of these services could lead to operational downtime, degraded user experience, and potential financial losses. Organizations relying on AI model providers that use xgrammar may experience service interruptions or degraded performance. Additionally, if these services are part of critical infrastructure or business processes, the DoS could have cascading effects on dependent systems. The vulnerability does not directly compromise confidentiality or integrity but poses a significant availability risk. Given the increasing adoption of AI and structured generation tools across European industries, including finance, healthcare, and technology sectors, the threat could affect a broad range of organizations. However, the absence of known exploits in the wild and the availability of a patch reduce immediate risk if mitigations are applied promptly.

European organizations should immediately assess their use of the xgrammar library, particularly versions 0.1.23 and earlier. The primary mitigation is to upgrade to version 0.1.24 or later, where the vulnerability has been fixed. Organizations should implement input validation and size restrictions on grammar inputs to prevent excessively large or malformed data from being processed. Rate limiting and resource throttling mechanisms should be enforced at the application or service level to mitigate potential abuse. Monitoring and alerting for unusual spikes in resource consumption related to grammar processing can help detect exploitation attempts early. For AI model providers, isolating the grammar processing component in sandboxed environments or containers can limit the impact of resource exhaustion. Additionally, organizations should review their incident response plans to include scenarios involving resource exhaustion attacks. Regularly updating dependencies and maintaining an inventory of open-source components will aid in timely vulnerability management.