CVE Catalog
CVE-2025-63397
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.29%
21th percentile - higher than 21% of all known CVEs
Summary
In OneFlow v0.9.0, improper input validation allows attackers to cause a segmentation fault by adding a Python sequence to native code during broadcasting or type conversion.
Risk Assessment
An attacker can remotely trigger an application crash (segfault), leading to service disruption (DoS) and potential loss of system availability.
Recommendation
Update OneFlow to the latest patched version or apply temporary restrictions on processing Python sequences in broadcasting/type conversion operations.
Original NVD description (English source)
Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion.

