CVE-2025-71011: n/a
CVE-2025-71011 is an input validation vulnerability in the OneFlow machine learning framework version 0. 9. 0 affecting the flow. Tensor. new_empty, new_ones, and new_zeros functions. Exploiting this flaw allows an attacker to cause a Denial of Service (DoS) by supplying crafted inputs that trigger resource exhaustion or crashes. No authentication or user interaction is required, and no known exploits are currently in the wild. The vulnerability impacts availability by potentially disrupting services relying on OneFlow for tensor operations. European organizations using OneFlow in AI or data processing pipelines could face operational interruptions. Mitigation requires careful input validation and patching once available, alongside monitoring for anomalous tensor creation requests.
AI Analysis
Technical Summary
CVE-2025-71011 identifies a vulnerability in the OneFlow open-source machine learning framework, specifically in version 0.9.0. The flaw resides in the input validation logic of the tensor creation functions flow.Tensor.new_empty, flow.Tensor.new_ones, and flow.Tensor.new_zeros. These functions are responsible for allocating tensors with specified shapes and initial values. Improper validation of input parameters allows an attacker to craft inputs that can cause the system to allocate excessive resources or trigger unexpected behavior, leading to a Denial of Service (DoS). This DoS could manifest as application crashes, memory exhaustion, or unresponsiveness, disrupting services dependent on OneFlow for tensor computations. The vulnerability does not require authentication or user interaction, making it easier to exploit in exposed environments. No CVSS score has been assigned yet, and no public exploits are known. The lack of patch links suggests remediation is pending or in development. This vulnerability primarily affects availability, with no direct impact on confidentiality or integrity. OneFlow is used in AI model training and inference pipelines, so affected systems may include research institutions, enterprises deploying AI solutions, and cloud services integrating OneFlow. Attackers could leverage this flaw to disrupt AI workloads, causing operational downtime and potential financial or reputational damage.
Potential Impact
For European organizations, the primary impact is operational disruption due to Denial of Service conditions triggered by malicious inputs to OneFlow tensor creation functions. Organizations relying on OneFlow for AI model training, inference, or data processing may experience service outages or degraded performance. This could affect sectors such as finance, healthcare, automotive, and research institutions where AI workloads are critical. The DoS could interrupt automated decision-making systems or delay time-sensitive analytics. While confidentiality and integrity are not directly compromised, availability loss can have cascading effects on business continuity and service level agreements. Additionally, organizations without robust input validation or monitoring may be more vulnerable. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as OneFlow adoption grows in Europe. The vulnerability could also be leveraged as part of multi-stage attacks aiming to distract or degrade defenses.
Mitigation Recommendations
European organizations should implement strict input validation controls on all user-supplied parameters that interact with OneFlow tensor creation APIs. Until an official patch is released, consider restricting access to OneFlow services to trusted users and networks to reduce exposure. Monitor logs and telemetry for unusual tensor allocation requests or spikes in resource consumption indicative of exploitation attempts. Employ resource limits and quotas at the container or orchestration level to prevent resource exhaustion. Engage with the OneFlow community or vendors for timely updates and patches addressing this vulnerability. Conduct security testing and fuzzing on tensor creation inputs to identify and remediate similar issues proactively. Integrate anomaly detection tools to alert on abnormal AI workload behaviors. Finally, maintain incident response plans that include scenarios involving AI framework DoS attacks to minimize downtime.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Switzerland
CVE-2025-71011: n/a
Description
CVE-2025-71011 is an input validation vulnerability in the OneFlow machine learning framework version 0. 9. 0 affecting the flow. Tensor. new_empty, new_ones, and new_zeros functions. Exploiting this flaw allows an attacker to cause a Denial of Service (DoS) by supplying crafted inputs that trigger resource exhaustion or crashes. No authentication or user interaction is required, and no known exploits are currently in the wild. The vulnerability impacts availability by potentially disrupting services relying on OneFlow for tensor operations. European organizations using OneFlow in AI or data processing pipelines could face operational interruptions. Mitigation requires careful input validation and patching once available, alongside monitoring for anomalous tensor creation requests.
AI-Powered Analysis
Technical Analysis
CVE-2025-71011 identifies a vulnerability in the OneFlow open-source machine learning framework, specifically in version 0.9.0. The flaw resides in the input validation logic of the tensor creation functions flow.Tensor.new_empty, flow.Tensor.new_ones, and flow.Tensor.new_zeros. These functions are responsible for allocating tensors with specified shapes and initial values. Improper validation of input parameters allows an attacker to craft inputs that can cause the system to allocate excessive resources or trigger unexpected behavior, leading to a Denial of Service (DoS). This DoS could manifest as application crashes, memory exhaustion, or unresponsiveness, disrupting services dependent on OneFlow for tensor computations. The vulnerability does not require authentication or user interaction, making it easier to exploit in exposed environments. No CVSS score has been assigned yet, and no public exploits are known. The lack of patch links suggests remediation is pending or in development. This vulnerability primarily affects availability, with no direct impact on confidentiality or integrity. OneFlow is used in AI model training and inference pipelines, so affected systems may include research institutions, enterprises deploying AI solutions, and cloud services integrating OneFlow. Attackers could leverage this flaw to disrupt AI workloads, causing operational downtime and potential financial or reputational damage.
Potential Impact
For European organizations, the primary impact is operational disruption due to Denial of Service conditions triggered by malicious inputs to OneFlow tensor creation functions. Organizations relying on OneFlow for AI model training, inference, or data processing may experience service outages or degraded performance. This could affect sectors such as finance, healthcare, automotive, and research institutions where AI workloads are critical. The DoS could interrupt automated decision-making systems or delay time-sensitive analytics. While confidentiality and integrity are not directly compromised, availability loss can have cascading effects on business continuity and service level agreements. Additionally, organizations without robust input validation or monitoring may be more vulnerable. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as OneFlow adoption grows in Europe. The vulnerability could also be leveraged as part of multi-stage attacks aiming to distract or degrade defenses.
Mitigation Recommendations
European organizations should implement strict input validation controls on all user-supplied parameters that interact with OneFlow tensor creation APIs. Until an official patch is released, consider restricting access to OneFlow services to trusted users and networks to reduce exposure. Monitor logs and telemetry for unusual tensor allocation requests or spikes in resource consumption indicative of exploitation attempts. Employ resource limits and quotas at the container or orchestration level to prevent resource exhaustion. Engage with the OneFlow community or vendors for timely updates and patches addressing this vulnerability. Conduct security testing and fuzzing on tensor creation inputs to identify and remediate similar issues proactively. Integrate anomaly detection tools to alert on abnormal AI workload behaviors. Finally, maintain incident response plans that include scenarios involving AI framework DoS attacks to minimize downtime.
Affected Countries
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-01-09T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 697b7c74ac0632022298179a
Added to database: 1/29/2026, 3:27:48 PM
Last enriched: 1/29/2026, 3:42:33 PM
Last updated: 1/29/2026, 5:07:26 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-1597: Improper Authorization in Bdtask SalesERP
MediumCVE-2026-1596: Command Injection in D-Link DWR-M961
MediumCVE-2026-1595: SQL Injection in itsourcecode Society Management System
MediumCVE-2026-0936: CWE-532: Insertion of Sensitive Information into Log in B&R Industrial Automation GmbH Process Visualization Interface (PVI)
MediumCVE-2025-62514: CWE-327: Use of a Broken or Risky Cryptographic Algorithm in Scille parsec-cloud
HighActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.