PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-65886 Oneflow Inc CVE debrief

CVE-2025-65886 is a shape mismatch vulnerability in OneFlow v0.9.0 that allows attackers to cause a Denial of Service (DoS). This vulnerability is considered High severity with a CVSS score of 7.5. The exposure arises from inadequate validation of tensor shapes, which can be exploited by providing crafted shapes to cause a denial of service. The likely defender workflow involves verifying the presence of OneFlow v0.9.0 in their environment, assessing the potential impact, and planning for vendor-supported updates or mitigations. The priority posture for this vulnerability is High due to its severity and potential for exploitation.

Vendor
Oneflow Inc
Product
OneFlow
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-28
Original CVE updated
2026-07-05
Advisory published
2026-01-28
Advisory updated
2026-07-05

Who should care

Users of OneFlow v0.9.0, particularly those responsible for the operation and security of this platform, should be aware of this vulnerability and take necessary precautions. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess the risk, verify the presence of the vulnerable version, and plan for remediation or mitigation strategies.

Technical summary

A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted tensor shapes. The vulnerability has a CVSS score of 7.5 and a severity of HIGH. This issue arises from the lack of proper validation of tensor shapes, which can lead to a crash or unexpected behavior when a specially crafted shape is provided. Users of OneFlow v0.9.0 should be aware of this vulnerability and take necessary precautions to mitigate the risk.

Defensive priority

High priority due to the HIGH severity of the vulnerability and the potential for Denial of Service attacks. Immediate attention is required to assess the exposure, plan for remediation, and implement compensating controls if necessary.

Recommended defensive actions

  • Inventory and verify OneFlow v0.9.0 installations
  • Apply vendor remediation when available
  • Monitor for suspicious activity
  • Implement compensating controls
  • Exception tracking and retest

Evidence notes

The CVE record was published on 2026-01-28T17:16:08.183Z and was last modified on 2026-07-05T02:17:30.087Z. The NVD entry is currently Modified. The information provided is based on the available data and may not be exhaustive. Further verification and defensive checks are recommended to ensure the accuracy of the vulnerability details and affected scope.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-28T17:16:08.183Z and has not been modified since then. The NVD entry is currently Modified.