{"data":{"id":"4d5b25cf-a0ec-4f88-92ad-2167c7e4689c","title":"CVE-2025-3933: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the DonutProcessor class","summary":"A ReDoS (regular expression denial of service, where carefully designed text input causes a regex pattern to consume excessive CPU) vulnerability was found in the Hugging Face Transformers library's DonutProcessor class, affecting versions 4.50.3 and earlier. The vulnerable regex pattern can be exploited through crafted input strings to cause the system to slow down or crash, disrupting document processing tasks that use the Donut model.","solution":"Update the Hugging Face Transformers library to version 4.52.1 or later, as this version contains the fix for the vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-3933","publishedAt":"2025-07-11T14:15:22.293Z","cveId":"CVE-2025-3933","cweIds":["CWE-1333"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Hugging Face","Transformers library","DonutProcessor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00032,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}