CVE-2025-6638 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer…
High CVSS: 7.5

CVE-2025-6638

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises from inefficient regex processing, which can be exploited by crafted input strings containing malformed language code patterns, leading to excessive CPU consumption and potential denial of service.
Vendor
Huggingface
Product
Transformers
CWE
CWE-1333
Yayın Tarihi
2025-09-12 11:15:31
Güncelleme
2025-10-21 13:33:08
Source Identifier
security@huntr.dev
KEV Date Added
-

Kategoriler

CWE-1333 Transformers HIGH Huggingface 2025

Referanslar

https://github.com/huggingface/transformers/commit/47c34fba5c303576560cb29767efb452ff12b8be https://huntr.com/bounties/6a6c933f-9ce8-4ded-8b3b-2c1444c61f36