CVE-2025-6051: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, sp
Summary
A ReDoS vulnerability (regular expression denial of service, where specially crafted input causes a program's pattern-matching code to consume excessive CPU) was found in the Hugging Face Transformers library's number normalization feature. An attacker could send text with long digit sequences to crash or slow down text-to-speech and number processing tasks. The vulnerability affects versions up to 4.52.4.
Solution / Mitigation
Fixed in version 4.53.0 of the Hugging Face Transformers library.
Vulnerability Details
EPSS: 0.0%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-6051
First tracked: February 15, 2026 at 08:46 PM
Classified by LLM (prompt v3) · confidence: 95%