PatchSiren cyber security CVE debrief
CVE-2025-65888 Oneflow-Inc CVE debrief
CVE-2025-65888 is a Denial of Service (DoS) vulnerability in OneFlow 0.9.0, caused by a dimension validation flaw in the flow.empty() component. Attackers can exploit this vulnerability via a negative or excessively large dimension value. This vulnerability has a CVSS score of 7.5, indicating a high severity. To address this vulnerability, users of OneFlow 0.9.0 should be aware of the potential risks and take necessary precautions to prevent exploitation. The debrief is based on the available evidence and may not cover all aspects of the vulnerability.
- Vendor
- Oneflow-Inc
- Product
- OneFlow 0.9.0
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-28
- Original CVE updated
- 2026-07-05
- Advisory published
- 2026-01-28
- Advisory updated
- 2026-07-05
Who should care
Users of OneFlow 0.9.0, operators, platform administrators, vulnerability management teams, and security teams should be aware of this vulnerability and take necessary precautions to prevent exploitation. The potential impact of this vulnerability is significant, and it is essential to assess the risk and implement measures to mitigate it.
Technical summary
The vulnerability is caused by a dimension validation flaw in the flow.empty() component of OneFlow 0.9.0. This flaw allows attackers to cause a Denial of Service (DoS) via a negative or excessively large dimension value. The CVSS score for this vulnerability is 7.5, indicating a high severity. Users of OneFlow 0.9.0 should be aware of this vulnerability and take necessary precautions to prevent exploitation. To address this vulnerability, it is essential to understand the potential impact and implement measures to mitigate the risk.
Defensive priority
High
Recommended defensive actions
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
Evidence notes
The CVE record was published on 2026-01-28T17:16:08.437Z and was last modified on 2026-07-05T02:17:30.417Z. The NVD entry is currently Modified. The information provided is based on the available data and may not be exhaustive. Further verification and assessment are recommended to ensure the accuracy of the information.
Official resources
-
CVE-2025-65888 CVE record
CVE.org
-
CVE-2025-65888 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
[email protected] - Not Applicable
-
Source reference
[email protected] - Product
-
Mitigation or vendor reference
[email protected] - Exploit, Issue Tracking, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-28T17:16:08.437Z and has not been modified since then. The NVD entry is currently Modified.