CVE-2025-1194
Published: 2025-04-29
Priority: P4 (30) · Severity: medium, 6.5 (CVSS 3.1)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 0.38% (30.3th percentile)
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions process specially crafted inputs. The issue stems from a regex exhibiting exponential complexity under certain conditions, leading to excessive backtracking. This can result in high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.48.1 (latest).
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| huggingface | huggingface_transformers | >= unspecified < 4.50.0 | 4.50.0 |
| huggingface | transformers | < 4.50.0 | 4.50.0 |
| huggingface | transformers | >= 0 < 4.50.0 | 4.50.0 |
| msrc | cbl2_kernel_5.15.143.1-1_on_cbl_mariner_2.0 | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
| vendor_msrc | — | 8.1 | HIGH | — |
OSV
Transformers Regular Expression Denial of Service (ReDoS) vulnerability
osv · 2025-04-29 · CVE-2025-1194 [MEDIUM]
GHSA
Transformers Regular Expression Denial of Service (ReDoS) vulnerability
ghsa · 2025-04-29 · CVE-2025-1194 [MEDIUM] · CWE-1333
Microsoft
Use-after-free in parse_lease_state()
vendor_msrc · 2023-11-14 · CVSS 8.1 · CVE-2023-1194 [HIGH] · CWE-125
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Tags: Mariner, redhat
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/e
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-40318 kernel: Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once
bugzilla · 2025-12-08 · CVE-2025-40318 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once
hci_cmd_sync_dequeue_once() does lookup and then cancel the entry under two separate lock sections. Meanwhile, hci_cmd_sync_work() can also delete the same entry, leading to double list_del() and "UAF".
Fix this by holding cmd_sync_work_lock across both lookup and cancel, so that the entry cannot be removed concurrently.
Discussion:
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2025120823-CVE-2025-40318-0f27@gregkh/T
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.6 Extended Update Support
Via RHSA-2026:1194 https://acc
Bugzilla
CVE-2025-38289 kernel: Linux kernel: Denial of service due to use-after-free in scsi: lpfc
bugzilla · 2025-07-10 · CVSS 7.8 · CVE-2025-38289 [HIGH]
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk
Smatch detected a potential use-after-free of an ndlp object in dev_loss_tmo_callbk during driver unload or fatal error handling.
Fix by reordering code to avoid potential use-after-free if initial nodelist reference has been previously removed.
Discussion:
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2025071011-CVE-2025-38289-0d93@gregkh/T
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.6 Extended Update Support
Via RHSA-2026:1194 https://access.redhat.com/errata/RHSA-2026:1194
---
This issue has
Bugzilla
CVE-2025-37789 kernel: Linux kernel (openvswitch): Denial of Service and limited data exposure via improper key length validation
bugzilla · 2025-05-01 · CVSS 7.8 · CVE-2025-37789 [HIGH]
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: fix nested key length validation in the set() action
It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first.
Discussion:
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2025050119-CVE-2025-37789-3f0b@gregkh/T
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.6 Extended Update Support
Via RHSA-2026:1194 https://access.redhat.com/errata/RHSA-2026:1194
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10.0 Extend