CVE Catalog

CVE-2025-63397

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile - higher than 21% of all known CVEs

Summary

In OneFlow v0.9.0, improper input validation allows attackers to cause a segmentation fault by adding a Python sequence to native code during broadcasting or type conversion.

Risk Assessment

An attacker can remotely trigger an application crash (segfault), leading to service disruption (DoS) and potential loss of system availability.

Recommendation

Update OneFlow to the latest patched version or apply temporary restrictions on processing Python sequences in broadcasting/type conversion operations.

Original NVD description (English source)

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS