CVE-2025-65887: n/a
CVE-2025-65887 is a medium-severity vulnerability in OneFlow v0.9.0 where a division-by-zero error in the flow.floor_divide() function can be triggered by a crafted input tensor containing zero. This flaw allows unauthenticated attackers to cause a Denial of Service (DoS) by crashing or halting the application using OneFlow. The vulnerability does not impact confidentiality or integrity but affects availability. Exploitation requires user interaction to supply the malicious input tensor. No known exploits are currently reported in the wild. European organizations using OneFlow for machine learning workloads may experience service disruptions if targeted. Mitigation involves input validation and patching once updates are available.
AI Analysis
Technical Summary
CVE-2025-65887 identifies a division-by-zero vulnerability in the flow.floor_divide() component of OneFlow version 0.9.0, a machine learning framework. The flaw arises when the function attempts to perform floor division on an input tensor that contains zero, leading to an unhandled division-by-zero exception. This causes the application to crash or become unresponsive, resulting in a Denial of Service (DoS) condition. The vulnerability can be triggered remotely without requiring privileges, but it does require user interaction to supply the crafted input tensor. The CVSS score of 6.5 reflects a medium severity, emphasizing the impact on availability without compromising confidentiality or integrity. No patches or fixes are currently linked, and no known exploits have been reported in the wild. The vulnerability primarily affects systems running OneFlow v0.9.0, which is used in AI and machine learning workflows. Attackers could exploit this flaw to disrupt services, degrade system reliability, or cause downtime in environments relying on OneFlow for critical processing tasks.
Potential Impact
For European organizations, the primary impact is service disruption due to Denial of Service attacks targeting OneFlow-based applications. This can affect AI research labs, data science teams, and enterprises leveraging OneFlow for machine learning model training and inference. Disruptions could delay project timelines, reduce productivity, and potentially cause financial losses if critical systems become unavailable. Since the vulnerability does not affect data confidentiality or integrity, the risk of data breaches is low. However, availability issues can impact sectors relying on real-time or high-availability AI services, such as healthcare, finance, and manufacturing. Organizations with automated pipelines or cloud-based AI services using OneFlow may experience cascading failures if the vulnerability is exploited.
Mitigation Recommendations
To mitigate this vulnerability, organizations should implement strict input validation to ensure that tensors passed to flow.floor_divide() do not contain zero values that could trigger division-by-zero errors. Developers should add exception handling around floor division operations to gracefully manage unexpected inputs. Monitoring and logging should be enhanced to detect abnormal crashes or service interruptions related to OneFlow processes. Organizations should stay alert for official patches or updates from the OneFlow development team and apply them promptly once available. In the interim, restricting access to systems running OneFlow and limiting exposure to untrusted inputs can reduce exploitation risk. Additionally, sandboxing or containerizing OneFlow workloads can help contain potential DoS impacts. Regular backups and failover mechanisms should be tested to maintain service continuity.
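As an added example (not OneFlow's own code), the following Python guard validates the whole divisor before an elementwise floor division and logs a rejection, which is the check the recommendation above puts in front of flow.floor_divide(); it works on plain nested lists so it runs without OneFlow installed, and the logger name and the use of .tolist() to obtain tensor values are assumptions.

```python
# Added example (not OneFlow project code): a zero-divisor guard placed in
# front of elementwise floor division, as recommended for flow.floor_divide().
# Works on nested Python lists so it runs without OneFlow; in a deployment the
# same check would run over the divisor tensor's values (assumed via .tolist()).
import logging
from typing import List, Union

log = logging.getLogger("oneflow.guard")  # hypothetical logger name
Number = Union[int, float]
Tensor = Union[Number, List["Tensor"]]

class ZeroDivisorError(ValueError):
    """Raised instead of letting a zero reach the division kernel."""

def _flatten(t: Tensor) -> List[Number]:
    """Row-major flatten of a (possibly nested) list tensor."""
    if isinstance(t, list):
        out: List[Number] = []
        for x in t:
            out.extend(_flatten(x))
        return out
    return [t]

def find_zero_positions(divisor: Tensor) -> List[int]:
    """Flat indices of every zero in the divisor (0, 0.0 and -0.0 all match)."""
    return [i for i, v in enumerate(_flatten(divisor)) if v == 0]

def safe_floor_divide(dividend: Tensor, divisor: Tensor) -> Tensor:
    """Elementwise floor division that validates the whole divisor first.

    Every element is checked before any division, so a crafted tensor is
    rejected (and logged for detection) instead of crashing mid-operation.
    A scalar divisor is broadcast across the dividend.
    """
    zeros = find_zero_positions(divisor)
    if zeros:
        log.warning("rejected floor_divide: zero divisor at %s", zeros)
        raise ZeroDivisorError(f"divisor contains zero at flat positions {zeros}")
    return _floor_divide_unchecked(dividend, divisor)

def _floor_divide_unchecked(a: Tensor, b: Tensor) -> Tensor:
    """Recursive elementwise a // b; only reached once b is known zero-free."""
    if isinstance(a, list):
        if isinstance(b, list):
            if len(a) != len(b):
                raise ValueError("shape mismatch between dividend and divisor")
            return [_floor_divide_unchecked(x, y) for x, y in zip(a, b)]
        return [_floor_divide_unchecked(x, b) for x in a]
    return a // b
```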
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 697a3aee4623b1157cd881c1
Added to database: 1/28/2026, 4:35:58 PM
Last enriched: 2/5/2026, 9:04:08 AM
Last updated: 2/7/2026, 8:35:57 AM