PatchSiren cyber security CVE debrief
CVE-2025-71000 Oneflow CVE debrief
CVE-2025-71000 is a HIGH severity vulnerability in OneFlow v0.9.0's flow.cuda.BoolTensor component, allowing attackers to cause a Denial of Service (DoS) via crafted input. The CVE record was published on 2026-01-28T18:16:51.977Z and was last modified on 2026-07-05T02:17:39.580Z. The NVD entry is currently Modified. This vulnerability has a CVSS score of 7.5 and is considered High priority due to its potential for Denial of Service attacks. Users of OneFlow v0.9.0 should review and apply patches to mitigate this vulnerability.
- Vendor
- Oneflow
- Product
- OneFlow
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-28
- Original CVE updated
- 2026-07-05
- Advisory published
- 2026-01-28
- Advisory updated
- 2026-07-05
Who should care
Users of OneFlow v0.9.0, particularly those responsible for maintaining and securing the affected component, should review and apply patches to mitigate this vulnerability. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess the risk and implement necessary controls.
Technical summary
The vulnerability is in the flow.cuda.BoolTensor component of OneFlow v0.9.0. It allows attackers to cause a Denial of Service (DoS) via crafted input. The CVSS score is 7.5 with a HIGH severity. The vulnerability's CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. This issue is significant because it can lead to service disruptions, and users of OneFlow v0.9.0 should review and apply patches to mitigate this vulnerability.
Defensive priority
High priority due to HIGH severity and potential for Denial of Service attacks. Immediate attention is required to review and apply patches or implement compensating controls.
Recommended defensive actions
- Review OneFlow v0.9.0 for updates and apply patches if available
- Implement compensating controls to detect and prevent Denial of Service attacks
- Monitor systems for unusual activity
- Inventory affected systems for remediation
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
Evidence notes
Evidence is based on the NVD CVE record and a vendor advisory. The CVE record was published on 2026-01-28T18:16:51.977Z and was last modified on 2026-07-05T02:17:39.580Z. The information available is limited to these sources, and further verification is recommended. Defenders should verify the affected scope, severity, and vendor guidance.
Official resources
-
CVE-2025-71000 CVE record
CVE.org
-
CVE-2025-71000 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
[email protected] - Not Applicable
-
Mitigation or vendor reference
[email protected] - Exploit, Issue Tracking, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-28T18:16:51.977Z and has not been modified since then. The NVD entry is currently Modified.