{"data":{"id":"bfcb92b2-a38c-4e96-9164-d94a469045b5","title":"CVE-2025-3262: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository","summary":"A ReDoS vulnerability (regular expression denial of service, where inefficient pattern matching causes a system to slow down or crash) was found in the Hugging Face Transformers library version 4.49.0. The problem is in a regex pattern called `SETTING_RE` that uses inefficient repetition, causing matching to take exponentially longer when processing specially crafted input strings, which can make the application unresponsive or cause it to crash.","solution":"Update to version 4.51.0 or later, where the issue is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-3262","publishedAt":"2025-07-07T14:15:27.200Z","cveId":"CVE-2025-3262","cweIds":["CWE-1333"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["HuggingFace","transformers"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00114,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}