CVE-2025-5197
📋 TL;DR
A Regular Expression Denial of Service (ReDoS) vulnerability in Hugging Face Transformers allows attackers to cause excessive CPU consumption by providing specially crafted weight names to the model conversion function. This affects users performing TensorFlow to PyTorch model conversions with versions up to 4.51.3, potentially leading to service disruption and resource exhaustion.
💻 Affected Systems
- Hugging Face Transformers library
📦 What is this software?
Transformers by Hugging Face
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability due to CPU exhaustion, affecting all model conversion operations and potentially cascading to dependent services.
Likely Case
Degraded performance during model conversion processes, with temporary CPU spikes causing slower operations.
If Mitigated
Minimal impact with proper input validation and resource limits in place.
🎯 Exploit Status
Requires crafting specific input strings to trigger catastrophic backtracking in the regex pattern.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.53.0 and later
Vendor Advisory: https://github.com/huggingface/transformers/commit/944b56000be5e9b61af8301aa340838770ad8a0b
Restart Required: No
Instructions:
1. Update transformers package: pip install --upgrade "transformers>=4.53.0" (quote the specifier so the shell does not treat >= as a redirect)
2. Verify no breaking changes in your specific use case
3. Test model conversion functionality
🔧 Temporary Workarounds
Input Validation Workaround
Add input validation that rejects unexpected weight names before they are passed to the conversion function.
# Python example: validate weight names before conversion
import re

# One character class with a single quantifier: this allow-list cannot backtrack catastrophically.
safe_pattern = re.compile(r'^[a-zA-Z0-9_\-./]+$')

def validate_weight_name(weight_name):
    # fullmatch rejects a trailing newline that match() with '$' would let through
    if not safe_pattern.fullmatch(weight_name):
        raise ValueError('Invalid weight name format')
🧯 If You Can't Patch
- Implement rate limiting on model conversion endpoints to prevent abuse
- Monitor CPU usage during conversion processes and set resource limits
🔍 How to Verify
Check if Vulnerable:
Run python -c "import transformers; print(transformers.__version__)"; versions 4.51.3 and earlier are affected.
Check Version:
python -c "import transformers; print(f'Transformers version: {transformers.__version__}')"
Verify Fix Applied:
After updating, confirm the reported version is 4.53.0 or later, then re-run conversions with the weight names that previously caused problems and confirm CPU usage stays normal.
📡 Detection & Monitoring
Log Indicators:
- Unusually long model conversion times
- High CPU usage spikes during conversion processes
- Repeated conversion failures
Network Indicators:
- Multiple rapid conversion API calls from single source
- Unusual payload patterns in conversion requests
SIEM Query:
source="application_logs" AND ("model_conversion" OR "convert_tf_weight") AND duration>30s
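Added example (not part of this advisory): the log and network indicators above applied to constructed application log lines. The 30 s threshold follows the SIEM query; the log field format and the burst rule (3 conversion calls from one source within 10 s) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample log lines (timestamp, source, event name, duration).
SAMPLE_LOGS = """\
2025-06-01T10:00:00Z src=10.0.0.5 event=convert_tf_weight duration=2.1s
2025-06-01T10:00:03Z src=10.0.0.5 event=convert_tf_weight duration=1.9s
2025-06-01T10:00:05Z src=198.51.100.7 event=convert_tf_weight duration=45.3s
2025-06-01T10:00:06Z src=198.51.100.7 event=model_conversion duration=61.0s
2025-06-01T10:00:07Z src=198.51.100.7 event=convert_tf_weight duration=58.2s
2025-06-01T10:05:00Z src=10.0.0.9 event=health_check duration=0.0s
"""
# Anchored, single-pass pattern with no nested quantifiers: the parser itself cannot backtrack badly.
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) event=(?P<event>\S+) duration=(?P<dur>[0-9.]+)s$")
CONVERSION_EVENTS = {"model_conversion", "convert_tf_weight"}  # the terms from the SIEM query
SLOW_SECONDS = 30.0                   # same threshold as the SIEM query (duration>30s)
BURST_COUNT = 3                       # assumed: 3+ conversions from one source ...
BURST_WINDOW = timedelta(seconds=10)  # ... within 10 s is treated as a burst

def parse_logs(text):
    """Parse lines in the constructed format; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                           "src": m["src"], "event": m["event"], "duration": float(m["dur"])})
    return events

def is_conversion(ev):
    return ev["event"] in CONVERSION_EVENTS

def slow_conversions(events, threshold=SLOW_SECONDS):
    # Log indicator: conversion calls running longer than the threshold.
    return [ev for ev in events if is_conversion(ev) and ev["duration"] > threshold]

def bursty_sources(events, count=BURST_COUNT, window=BURST_WINDOW):
    # Network indicator: a source issuing `count` conversions inside `window`.
    by_src = defaultdict(list)
    for ev in events:
        if is_conversion(ev):
            by_src[ev["src"]].append(ev["ts"])
    flagged = []
    for src, stamps in by_src.items():
        stamps.sort()  # log order is not guaranteed
        if any(stamps[i + count - 1] - stamps[i] <= window
               for i in range(len(stamps) - count + 1)):
            flagged.append(src)
    return sorted(flagged)
```

On the sample data, the three conversions over 30 s and the single bursty source 198.51.100.7 are flagged while the 10.0.0.5 calls and the health check are not.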