CVE-2025-58446 is a medium-severity vulnerability affecting the open-source library xgrammar, developed by mlc-ai. xgrammar is designed for efficient, flexible, and portable structured generation, commonly used in applications involving grammar optimization. The vulnerability arises in version 0.1.23 and earlier versions before 0.1.24, specifically in the grammar optimizer component. When processing large grammars exceeding 100,000 characters, the optimizer operates at very low rates, which can be exploited to cause a denial-of-service (DoS) condition. This occurs due to the allocation of resources without proper limits or throttling (CWE-770), allowing an attacker to overwhelm the system by submitting large or complex grammar inputs. The vulnerability does not require authentication, user interaction, or privileges to exploit, and it can be triggered remotely over the network. The CVSS 4.0 base score is 6.9, reflecting a medium severity level, with the attack vector being network-based and no user interaction needed. The flaw impacts the availability of services relying on xgrammar by potentially exhausting system resources, leading to degraded performance or service outages. The issue was addressed in version 0.1.24 of xgrammar, where resource allocation controls and throttling mechanisms were presumably introduced to mitigate the risk of resource exhaustion attacks.

For European organizations, the impact of this vulnerability depends largely on the extent to which xgrammar is integrated into their software stacks, particularly in AI model providers or applications that utilize grammar optimization for structured generation tasks. Organizations providing AI services, natural language processing, or automated code generation could face service disruptions if attackers exploit this vulnerability to launch denial-of-service attacks. This could lead to downtime, degraded user experience, and potential financial losses. Additionally, organizations relying on third-party AI models or services that incorporate vulnerable versions of xgrammar may experience indirect impacts. The lack of authentication and user interaction requirements increases the risk of exploitation by remote attackers. Given the growing adoption of AI technologies across European industries, the vulnerability poses a tangible risk to availability and operational continuity, especially for providers of AI models and services.

European organizations should immediately verify if they are using xgrammar version 0.1.23 or earlier in their software environments. The primary mitigation is to upgrade to version 0.1.24 or later, where the vulnerability has been fixed. For environments where immediate upgrading is not feasible, organizations should implement input validation and size limits on grammar inputs to prevent processing of excessively large or complex grammars. Network-level protections such as rate limiting, anomaly detection, and traffic filtering can help mitigate exploitation attempts by limiting the volume and frequency of grammar submissions. Monitoring resource utilization and setting thresholds for process memory and CPU usage related to xgrammar processes can provide early warning signs of exploitation attempts. Additionally, organizations should review their AI model providers and third-party services to ensure they have patched this vulnerability or have compensating controls in place. Incorporating these specific controls beyond generic patching will reduce the risk of denial-of-service attacks leveraging this vulnerability.