CVE-2025-32381 – Denial of Service by abusing xgrammar unbounded cache in memory

https://notcve.org/view.php?id=CVE-2025-32381

09 Apr 2025 — XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to 0.1.18, Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system making use of xgrammar can be abused to fill up a host's memory and case a denial of service. For example, sending many small requests to an LLM inference server with unique JSON schemas would eventually cause this deni... • https://github.com/mlc-ai/xgrammar/pull/243 • CWE-770: Allocation of Resources Without Limits or Throttling •