
CVE-2025-65891: n/a

High
Vulnerability | CVE-2025-65891 | cve | cve-2025-65891
Published: Wed Jan 28 2026 (01/28/2026, 00:00:00 UTC)
Source: CVE Database V5

Description

CVE-2025-65891 is a high-severity vulnerability in OneFlow v0.9.0 caused by improper GPU device-ID validation. Attackers can trigger a Denial of Service (DoS) by calling flow.cuda.get_device_properties() with an invalid or negative device index, causing resource exhaustion or application crashes. This flaw does not require authentication or user interaction and can be exploited remotely over the network. The vulnerability impacts availability but does not affect confidentiality or integrity. No known exploits are currently in the wild, and no patches have been released yet. European organizations using OneFlow for GPU-accelerated computing are at risk of service disruption.

AI-Powered Analysis

Last updated: 02/05/2026, 08:57:45 UTC

Technical Analysis

CVE-2025-65891 is a vulnerability identified in OneFlow version 0.9.0, a machine learning framework that supports GPU acceleration. The flaw arises from inadequate validation of GPU device identifiers within the flow.cuda.get_device_properties() function. Specifically, the function fails to properly check if the device index provided is valid or non-negative. An attacker can exploit this by invoking the function with an invalid or negative device index, which leads to a Denial of Service (DoS) condition. This DoS can manifest as application crashes or resource exhaustion on the host system managing the GPU resources. The vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption), indicating that the flaw allows attackers to consume excessive resources, thereby degrading system availability. The CVSS v3.1 base score is 7.5, with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, meaning the attack can be launched remotely over the network without any privileges or user interaction, and it impacts availability only. No patches or fixes have been published at the time of disclosure, and no known exploits are reported in the wild. This vulnerability is significant for environments relying on OneFlow for GPU-based computations, as it can disrupt critical AI workloads and services.

Potential Impact

For European organizations, the primary impact of CVE-2025-65891 is the potential disruption of AI and high-performance computing (HPC) workloads that depend on OneFlow’s GPU acceleration capabilities. This can lead to service outages, delayed data processing, and operational downtime, affecting sectors such as research institutions, financial services, automotive industries, and technology companies heavily invested in AI development. The DoS condition could also affect cloud service providers hosting GPU-accelerated applications, leading to broader service degradation. Since the vulnerability does not compromise confidentiality or integrity, data breaches are unlikely; however, the availability impact can cause significant business interruptions and financial losses. Organizations with GPU clusters used for machine learning training or inference are particularly vulnerable, as attackers can remotely trigger the DoS without authentication, increasing the risk of widespread disruption.

Mitigation Recommendations

To mitigate CVE-2025-65891, organizations should implement strict input validation on GPU device indices before invoking flow.cuda.get_device_properties() to ensure only valid, non-negative device IDs are processed. Restrict access to GPU management APIs to trusted users and services only, employing network segmentation and access control lists to limit exposure. Monitor application logs and GPU usage metrics for abnormal API calls or unexpected crashes that may indicate exploitation attempts. Where possible, isolate GPU workloads in containerized or virtualized environments to contain potential DoS effects. Engage with OneFlow developers or community to obtain patches or updates addressing this vulnerability as soon as they become available. Additionally, consider fallback mechanisms or redundancy in GPU resources to maintain service continuity during potential DoS events. Finally, educate developers and system administrators about this vulnerability to ensure secure coding and operational practices around GPU resource management.
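
The input-validation step recommended above, sketched as an added example (not OneFlow's code and not a vendor patch). The names validate_device_index and safe_get_device_properties are hypothetical, and the device-count and property lookups are passed in as callables so the guard can be exercised without a GPU; wiring them to OneFlow's own functions is an assumption noted in the comments.

```python
import logging
import operator

log = logging.getLogger("gpu_guard")  # hypothetical logger name


class InvalidDeviceIndex(ValueError):
    """A caller-supplied GPU device index failed validation."""


def validate_device_index(raw, device_count):
    """Return raw as an int in [0, device_count) or raise InvalidDeviceIndex."""
    # bool is a subclass of int; reject it so True is never read as device 1.
    if isinstance(raw, bool):
        raise InvalidDeviceIndex("device index must be an integer, not bool")
    if isinstance(raw, str):
        # Request parameters arrive as text: accept short plain ASCII digits
        # only (no sign, whitespace, exponent or Unicode digit forms).
        if not (raw.isascii() and raw.isdigit() and len(raw) <= 4):
            raise InvalidDeviceIndex("device index is not a plain decimal")
        raw = int(raw)
    try:
        index = operator.index(raw)  # rejects floats, None, arbitrary objects
    except TypeError:
        raise InvalidDeviceIndex("device index must be an integer") from None
    if not 0 <= index < device_count:
        raise InvalidDeviceIndex(
            f"device index {index} outside 0..{device_count - 1}")
    return index


def safe_get_device_properties(raw, get_device_count, get_properties):
    """Validate raw first; get_properties is reached only with a valid index.

    Assumed wiring for OneFlow: get_device_count=flow.cuda.device_count and
    get_properties=flow.cuda.get_device_properties.
    """
    try:
        index = validate_device_index(raw, get_device_count())
    except InvalidDeviceIndex as exc:
        # Rejections are logged to support the monitoring recommended above.
        log.warning("rejected GPU device index %.80r: %s", raw, exc)
        raise
    return get_properties(index)
```

Rejected values never reach the framework call, and each rejection produces a log line that can feed the monitoring for abnormal API calls.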


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-11-18T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 697a48fd4623b1157cdca046

Added to database: 1/28/2026, 5:35:57 PM

Last enriched: 2/5/2026, 8:57:45 AM

Last updated: 2/7/2026, 1:03:58 AM
