CVE-2025-65891 identifies a vulnerability in the OneFlow deep learning framework version 0.9.0, specifically related to GPU device-ID validation. OneFlow provides GPU acceleration capabilities, and the function flow.cuda.get_device_properties() is designed to retrieve properties of a specified GPU device by its index. The vulnerability arises because the function does not properly validate the device index parameter, allowing attackers to supply invalid or negative indices. When such invalid indices are passed, the function triggers a Denial of Service (DoS) condition, likely causing the application or service using OneFlow to crash or become unresponsive. This flaw can be exploited by any user or process capable of invoking this API, without requiring authentication or elevated privileges, but it does require the ability to execute code that calls this function. There are no known exploits in the wild, and no patches or fixes have been released at the time of publication. The vulnerability affects all deployments running OneFlow v0.9.0 that expose or allow access to the vulnerable API. Because OneFlow is used primarily in AI and machine learning workloads that leverage GPU acceleration, this DoS vulnerability could disrupt critical computational tasks, impacting availability. The lack of proper input validation is the root cause, and remediation would involve adding robust checks on the device index parameter to ensure it falls within valid ranges before querying device properties.

For European organizations, the primary impact of CVE-2025-65891 is availability disruption. Entities relying on OneFlow for GPU-accelerated AI, machine learning, or data processing workloads may experience application crashes or service interruptions if an attacker exploits this vulnerability. This could affect research institutions, technology companies, and enterprises deploying AI models in production environments. Disruptions could delay critical computations, reduce productivity, and potentially impact dependent services or customers. While the vulnerability does not directly compromise confidentiality or integrity, the denial of service could be leveraged as part of a broader attack strategy to degrade operational capabilities. The impact is more pronounced in environments where OneFlow is integrated into automated pipelines or exposed to untrusted users or code execution contexts. Since no known exploits exist yet, the immediate risk is moderate, but the potential for future exploitation remains if the vulnerability is not addressed.

To mitigate CVE-2025-65891, organizations should implement strict input validation on any user-supplied or external parameters passed to flow.cuda.get_device_properties(), ensuring device indices are within valid, non-negative ranges and correspond to actual GPU devices present. Restrict access to the OneFlow API to trusted users and processes only, minimizing exposure to untrusted code execution that could invoke the vulnerable function. Monitor application logs for abnormal calls to get_device_properties() with invalid indices, which may indicate attempted exploitation. Where possible, isolate GPU-accelerated workloads in secure environments with limited external access. Engage with OneFlow maintainers or community to track patch releases and apply updates promptly once available. As a temporary workaround, consider disabling or restricting the use of the vulnerable API if feasible. Additionally, implement robust error handling in applications using OneFlow to gracefully manage unexpected failures and prevent cascading service disruptions.