{"data":{"id":"4f53b456-2ff4-4629-a6cd-3d5a0fb5b2a4","title":"CVE-2025-0649: Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbound","summary":"CVE-2025-0649 is a bug in Google's TensorFlow Serving (a tool that runs machine learning models as a service) versions up to 2.18.0 where incorrect handling of JSON input can cause unbounded recursion (a program calling itself repeatedly without stopping), leading to server crashes. This vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 8.9, indicating high severity. The issue relates to out-of-bounds writes (writing data to unintended memory locations) and stack-based buffer overflow (overflowing a memory region meant for temporary data).","solution":"A patch is available at https://github.com/tensorflow/serving/commit/6cb013167d13f2ed3930aabb86dbc2c8c53f5adf (identified by Google Inc. as the official patch for this vulnerability).","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-0649","publishedAt":"2025-05-07T01:16:17.880Z","cveId":"CVE-2025-0649","cweIds":["CWE-121","CWE-787"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Google"],"affectedVendorsRaw":["Google TensorFlow Serving"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00141,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}