CVE-2025-0649

7.5 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability in TensorFlow Serving versions up to 2.18.0 allows attackers to cause denial of service through server crashes by sending specially crafted JSON input. This affects all systems running vulnerable TensorFlow Serving instances that process JSON requests.

💻 Affected Systems

Products:
  • TensorFlow Serving
Versions: Up to and including 2.18.0
Operating Systems: All platforms running TensorFlow Serving
Default Config Vulnerable: ⚠️ Yes
Notes: Any TensorFlow Serving instance that processes JSON input is vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption through server crashes, potentially leading to extended downtime and data processing interruptions.

🟠 Likely Case

Intermittent service disruptions and degraded performance due to repeated crashes from malformed JSON payloads.

🟢 If Mitigated

Minimal impact with proper input validation and monitoring in place to detect and block malicious requests.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending malformed JSON to vulnerable endpoints, which is straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.19.0 and later

Vendor Advisory: https://github.com/tensorflow/serving/commit/6cb013167d13f2ed3930aabb86dbc2c8c53f5adf

Restart Required: Yes

Instructions:

1. Upgrade TensorFlow Serving to version 2.19.0 or later.
2. Stop the current TensorFlow Serving instance.
3. Install the updated version.
4. Restart the service.

🔧 Temporary Workarounds

Input Validation Filter (all platforms)

Implement a reverse proxy or middleware to validate JSON input before it reaches TensorFlow Serving.

# Configure nginx or similar proxy to validate JSON structure
# Implement custom middleware for JSON validation
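
One way to implement the validation step in middleware placed in front of TensorFlow Serving, as an added example that is not from the advisory or the TensorFlow Serving project. The page does not say which JSON structure triggers the crash, so the body-size and nesting-depth limits, and the names `check_request_body`, `max_nesting_depth`, `MAX_BODY_BYTES` and `MAX_DEPTH`, are assumptions to tune for your model's inputs.

```python
import json

MAX_BODY_BYTES = 1_000_000  # assumed limit: set to your largest legitimate request
MAX_DEPTH = 32              # assumed limit: set to your model's deepest input nesting


def max_nesting_depth(body: bytes) -> int:
    """Return the deepest [ / { nesting in body, ignoring brackets inside strings.

    The scan is a single iterative pass, so the filter itself cannot be driven
    into deep recursion by the input it is inspecting.
    """
    depth = deepest = 0
    in_string = escaped = False
    for byte in body:
        ch = chr(byte)
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch in "]}":
            depth -= 1
    return deepest


def check_request_body(body: bytes) -> tuple[bool, str]:
    """Return (allowed, reason); call before forwarding a request upstream."""
    if len(body) > MAX_BODY_BYTES:
        return False, "body too large"
    if max_nesting_depth(body) > MAX_DEPTH:
        return False, "nesting too deep"
    try:
        # Depth is already bounded, so a full parse here is cheap and safe.
        json.loads(body.decode("utf-8"))
    except (ValueError, RecursionError):
        return False, "malformed JSON"
    return True, "ok"
```

Reject with HTTP 400 or 413 when `check_request_body` returns `False`, and log the reason so rejected requests show up alongside the indicators under Detection & Monitoring.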

Rate Limiting (linux)

Limit request rates to reduce the impact of potential denial-of-service attacks.

# nginx rate limiting, in the http block:
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;
# In the location block that proxies to TensorFlow Serving:
limit_req zone=mylimit burst=20 nodelay;

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to TensorFlow Serving endpoints
  • Deploy Web Application Firewall (WAF) with JSON validation rules

🔍 How to Verify

Check if Vulnerable:

Check the TensorFlow Serving version with: tensorflow_model_server --version. Versions up to and including 2.18.0 are vulnerable.

Check Version:

tensorflow_model_server --version

Verify Fix Applied:

Confirm version is 2.19.0 or later and test with valid JSON payloads

📡 Detection & Monitoring

Log Indicators:

  • Repeated server crashes
  • Stack overflow errors in logs
  • Malformed JSON parsing errors

Network Indicators:

  • Unusually large JSON payloads
  • Rapid sequential requests to JSON endpoints

SIEM Query:

source="tensorflow-serving" AND ("crash" OR "stack overflow" OR "malformed json")
