CVE-2025-65887
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk22th percentile - higher than 22% of all known CVEs
Summary
A division-by-zero vulnerability was found in the flow.floor_divide() component of OneFlow v0.9.0. An attacker can cause a Denial of Service (DoS) by providing a crafted input tensor containing zero.
Risk Assessment
The risk is that an attacker can remotely crash the system by sending specially crafted data, potentially disrupting applications using OneFlow and causing service outages.
Recommendation
Update OneFlow to the latest patched version, or implement input validation to reject zero values before passing them to the floor_divide function as a temporary workaround.
Original NVD description (English source)
A division-by-zero vulnerability in the flow.floor_divide() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input tensor with zero.

