
We found results for “”
CVE-2025-1194
Good to know:


Date: April 29, 2025
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file "tokenization_gpt_neox_japanese.py" of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions process specially crafted inputs. The issue stems from a regex exhibiting exponential complexity under certain conditions, leading to excessive backtracking. This can result in high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.48.1 (latest).
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Inefficient Regular Expression Complexity
CWE-1333Top Fix

Upgrade Version
Upgrade to version transformers - 4.50.0;transformers - 4.50.0;https://github.com/huggingface/transformers.git - v4.50.0
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | LOW |