PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-65888 Oneflow-Inc CVE debrief

CVE-2025-65888 is a Denial of Service (DoS) vulnerability in OneFlow 0.9.0, caused by a dimension validation flaw in the flow.empty() component. Attackers can exploit this vulnerability via a negative or excessively large dimension value. This vulnerability has a CVSS score of 7.5, indicating a high severity. To address this vulnerability, users of OneFlow 0.9.0 should be aware of the potential risks and take necessary precautions to prevent exploitation. The debrief is based on the available evidence and may not cover all aspects of the vulnerability.

Vendor
Oneflow-Inc
Product
OneFlow 0.9.0
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-28
Original CVE updated
2026-07-05
Advisory published
2026-01-28
Advisory updated
2026-07-05

Who should care

Users of OneFlow 0.9.0, operators, platform administrators, vulnerability management teams, and security teams should be aware of this vulnerability and take necessary precautions to prevent exploitation. The potential impact of this vulnerability is significant, and it is essential to assess the risk and implement measures to mitigate it.

Technical summary

The vulnerability is caused by a dimension validation flaw in the flow.empty() component of OneFlow 0.9.0. This flaw allows attackers to cause a Denial of Service (DoS) via a negative or excessively large dimension value. The CVSS score for this vulnerability is 7.5, indicating a high severity. Users of OneFlow 0.9.0 should be aware of this vulnerability and take necessary precautions to prevent exploitation. To address this vulnerability, it is essential to understand the potential impact and implement measures to mitigate the risk.

Defensive priority

High

Recommended defensive actions

  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.

Evidence notes

The CVE record was published on 2026-01-28T17:16:08.437Z and was last modified on 2026-07-05T02:17:30.417Z. The NVD entry is currently Modified. The information provided is based on the available data and may not be exhaustive. Further verification and assessment are recommended to ensure the accuracy of the information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-28T17:16:08.437Z and has not been modified since then. The NVD entry is currently Modified.