
We found results for “”
CVE-2025-6638
Good to know:


Date: September 12, 2025
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's "remove_language_code()" method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises from inefficient regex processing, which can be exploited by crafted input strings containing malformed language code patterns, leading to excessive CPU consumption and potential denial of service.
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Inefficient Regular Expression Complexity
CWE-1333Top Fix

Upgrade Version
Upgrade to version transformers - 4.53.0;transformers - 4.53.0;https://github.com/huggingface/transformers.git - v4.53.0
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | LOW |