CVE-2025-63397 | THREATINT

Description

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion.

PUBLISHED Reserved 2025-10-27 | Published 2025-11-10 | Updated 2025-11-12 | Assigner mitre

References

github.com/Daisy2ang

oneflow.com

github.com/Oneflow-Inc/oneflow

github.com/Oneflow-Inc/oneflow/issues/10666

cve.org (CVE-2025-63397)

nvd.nist.gov (CVE-2025-63397)

Download JSON