PyPI: transformers
CVE-2025-5197
Safety vulnerability ID: SFTY-20250806-29656
Safety legacy ID: pyup.io-78688
Overview
Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability
Advisory
Affected versions of the Hugging Face Transformers package are vulnerable to Regular Expression Denial of Service (ReDoS) because of an inefficient regular expression in weight-name conversion. convert_tf_weight_name_to_pt_weight_name() applies the pattern /[^/]*___([^/]*)/ to TensorFlow weight names. Two greedy [^/]* runs sit on either side of the literal ___, and when a segment contains many underscores but no closing /, the engine retries every possible split between the two runs before giving up, so matching time grows quadratically with the segment length. An attacker who can supply crafted TensorFlow weight names during model conversion between TensorFlow and PyTorch formats can therefore force excessive CPU consumption and potentially render the service unresponsive.
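The following is an added example, not code from the Safety page or from the Transformers project. It isolates the single re.sub step the advisory describes, shows a constructed weight name that triggers the quadratic backtracking, and places a regex-free, linear-time replacement beside it. The hardened function is this example's own rewrite that reproduces the exact re.sub semantics; it is not the upstream fix, which lives in the commits listed under References. The payload, the sample weight names and the differential check are constructed for the demonstration.

```python
import random
import re
import time

# The pattern quoted in the advisory. Two greedy [^/]* runs sit on either side
# of the literal "___"; when a segment has many underscores and no closing "/",
# the engine tries every split between the two runs, so time is O(n^2).
VULNERABLE_PATTERN = re.compile(r"/[^/]*___([^/]*)/")


def collapse_scope_vulnerable(tf_name: str) -> str:
    """The regex step as used in affected releases (kept vulnerable on purpose)."""
    return VULNERABLE_PATTERN.sub(r"/\1/", tf_name)


def collapse_scope_hardened(tf_name: str) -> str:
    """Regex-free equivalent written for this example (not the project's fix).

    Reproduces re.sub semantics exactly: a segment enclosed by two slashes that
    contains "___" is reduced to the text after its last "___" (the greedy
    left-hand [^/]* backtracks to the last occurrence), and because the regex
    match consumes both slashes, the segment right after a rewritten one is not
    eligible for rewriting. Single pass over the string, so linear time.
    """
    parts = tf_name.split("/")
    i = 1                                   # parts[0] has no leading slash
    while i < len(parts) - 1:               # parts[-1] has no trailing slash
        idx = parts[i].rfind("___")
        if idx == -1:
            i += 1
        else:
            parts[i] = parts[i][idx + 3:]
            i += 2                          # trailing "/" was consumed by the match
    return "/".join(parts)


def redos_payload(n: int) -> str:
    """Constructed hostile weight name: a leading "/", n underscores, no closing "/"."""
    return "/" + "_" * n


def count_mismatches(trials: int = 2000, seed: int = 1) -> int:
    """Differential check over random short names drawn from "/_ab".

    Returns the number of inputs on which the two functions disagree (expected 0).
    """
    rng = random.Random(seed)
    mismatches = 0
    for _ in range(trials):
        s = "".join(rng.choice("/_ab") for _ in range(rng.randint(0, 24)))
        if collapse_scope_vulnerable(s) != collapse_scope_hardened(s):
            mismatches += 1
    return mismatches


def time_call(func, arg) -> float:
    """Wall-clock seconds for one call."""
    start = time.perf_counter()
    func(arg)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed names: one ordinary TF name, one exercising the "___" rewrite.
    benign = "tf_model/bert/encoder/layer_._0/attention/self/query/kernel:0"
    scoped = "/model/block___inner___leaf/next___skipped/done/"
    for name in (benign, scoped):
        assert collapse_scope_vulnerable(name) == collapse_scope_hardened(name)
    print("hardened output:", collapse_scope_hardened(scoped))
    print("random mismatches:", count_mismatches())

    # Doubling n roughly quadruples the regex time; the hardened path stays flat.
    for n in (5_000, 10_000, 20_000):
        p = redos_payload(n)
        print(f"n={n:>6}  regex {time_call(collapse_scope_vulnerable, p):7.3f}s"
              f"  hardened {time_call(collapse_scope_hardened, p):8.5f}s")
```

The scaling printed by the last loop is the practical signature of this class of bug: a pattern with two unbounded repeats separated only by a literal that the repeats themselves can match. When auditing similar code, the check is to look for exactly that shape and to feed it a long input that lacks the terminating character the pattern expects.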
How to Fix
Mitigation and Workarounds
Upgrade to a transformers release that includes the fix commits listed under References. Where upgrading is not yet possible, treat TensorFlow weight names and checkpoints from untrusted sources as hostile input: the vulnerable code is reached when TensorFlow weight names are converted to PyTorch names during TF/PyTorch model conversion, so do not convert models or checkpoints from untrusted sources until the fixed version is deployed.
Vulnerable Functions
Functions linked to known vulnerabilities.
- convert_tf_weight_name_to_pt_weight_name() in transformers/modeling_tf_pytorch_utils.py
References
- https://getsafety.com/vulnerabilities/SFTY-20250806-29656/CVE-2025-5197
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5197
- https://github.com/huggingface/transformers/commit/701caef704e356dc2f9331cc3fd5df0eccb4720a
- https://nvd.nist.gov/vuln/detail/CVE-2025-5197
- https://github.com/huggingface/transformers/commit/944b56000be5e9b61af8301aa340838770ad8a0b
- https://huntr.com/bounties/3f8b3fd0-166b-46e7-b60f-60dd9d2678bf
- https://github.com/advisories/GHSA-9356-575x-2w9m
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
