CVE-2025-6638
HIGH 7.5
Description
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises from inefficient regex processing, which can be exploited by crafted input strings containing malformed language code patterns, leading to excessive CPU consumption and potential denial of service.
CVE Details
CVSS v3.1 Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 9/12/2025
Last Modified: 10/21/2025
Source: nvd
Honeypot Sightings: 0
Affected Products
huggingface:transformers
Weaknesses (CWE)
CWE-1333
References
https://github.com/huggingface/transformers/commit/47c34fba5c303576560cb29767efb452ff12b8be (security@huntr.dev)
https://huntr.com/bounties/6a6c933f-9ce8-4ded-8b3b-2c1444c61f36 (security@huntr.dev)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.