PyPI: transformers
CVE-2025-3262
Safety vulnerability ID: SFTY-20250707-48060
Safety legacy ID: pyup.io-77990
Overview
Transformers vulnerable to ReDoS attack through its SETTING_RE variable
Advisory
Affected versions of the Hugging Face Transformers package are vulnerable to Regular Expression Denial of Service (ReDoS) because of inefficient regex patterns in several components. The regular expressions in `serve.py`, `user.py`, and `utils.py` are subject to catastrophic backtracking on specially crafted input strings, so matching time grows exponentially with the input. A remote attacker who can supply such strings can drive CPU consumption during regex matching high enough to cause a denial of service. The fix refactors the problematic patterns into more efficient alternatives: it replaces complex regex operations with simpler string manipulation, validates input before it reaches the regex engine, and rewrites patterns to avoid the nested quantifiers that cause catastrophic backtracking. Specifically, the commit modifies regex handling in the model serving components and the user input processing functions to prevent ReDoS.
References
- https://getsafety.com/vulnerabilities/SFTY-20250707-48060/CVE-2025-3262
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3262
- https://github.com/advisories/GHSA-489j-g2vx-39wf
- https://github.com/huggingface/transformers/commit/126abe3461762e5fc180e7e614391d1b4ab051ca
- https://huntr.com/bounties/ecf5ccc4-39e7-4fb3-b547-14a41d31a184
- https://nvd.nist.gov/vuln/detail/CVE-2025-3262
- https://github.com/huggingface/transformers/commit/0720e206c6ba28887e4d60ef60a6a089f6c1cc76
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
