CVE-2025-55559: An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.
Summary
CVE-2025-55559 is a vulnerability in TensorFlow v2.18.0 where setting the padding parameter to 'valid' in tf.keras.layers.Conv2D (a layer used in neural networks for image processing) causes a Denial of Service (DoS, where a system becomes unavailable to users). The vulnerability is classified as uncontrolled resource consumption, meaning the system uses up resources like memory or CPU in an uncontrolled way.
Vulnerability Details
7.5(high)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-55559
First tracked: February 15, 2026 at 08:42 PM
Classified by LLM (prompt v3) · confidence: 92%