CVE Catalog

CVE-2025-65887

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile - higher than 22% of all known CVEs

Summary

A division-by-zero vulnerability was found in the flow.floor_divide() component of OneFlow v0.9.0. An attacker can cause a Denial of Service (DoS) by providing a crafted input tensor containing zero.

Risk Assessment

The risk is that an attacker can remotely crash the system by sending specially crafted data, potentially disrupting applications using OneFlow and causing service outages.

Recommendation

Update OneFlow to the latest patched version, or implement input validation to reject zero values before passing them to the floor_divide function as a temporary workaround.

Original NVD description (English source)

A division-by-zero vulnerability in the flow.floor_divide() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input tensor with zero.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS