CVE-2025-6921

7.5 HIGH

📋 TL;DR

This CVE describes a Regular Expression Denial of Service (ReDoS) vulnerability in the huggingface/transformers library's AdamWeightDecay optimizer. Attackers who can control regular expression patterns in weight decay configuration lists can cause catastrophic backtracking, leading to 100% CPU utilization and service unavailability. Users of transformers library versions before 4.53.0 who allow user-controlled regex patterns in optimizer configuration are affected.

💻 Affected Systems

Products:
  • huggingface/transformers
Versions: All versions prior to 4.53.0
Operating Systems: All operating systems running Python
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when user-controlled regular expressions are passed to include_in_weight_decay or exclude_from_weight_decay parameters.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete denial of service with 100% CPU utilization, causing ML training/inference tasks to hang indefinitely and potentially affecting entire systems or clusters.

🟠 Likely Case: Degraded performance or temporary service disruption in ML workloads where attackers can inject malicious regex patterns.

🟢 If Mitigated: Minimal impact if user input is properly sanitized and regex patterns are controlled.

🌐 Internet-Facing: MEDIUM - Exploitation requires ability to control regex patterns in optimizer configuration, which is less common in public APIs.
🏢 Internal Only: MEDIUM - Internal users with configuration access could cause service disruption.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to control regex patterns in optimizer configuration. Proof of concept exists in the public bounty report.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.53.0

Vendor Advisory: https://github.com/huggingface/transformers/commit/47c34fba5c303576560cb29767efb452ff12b8be

Restart Required: Yes

Instructions:

1. Update the transformers package: pip install --upgrade "transformers>=4.53.0" (quote the requirement so the shell does not treat > as an output redirect)
2. Restart any running services using the library
3. Verify the update with: pip show transformers

🔧 Temporary Workarounds

Input Validation for Regex Patterns (applies to: all)

Validate and sanitize any user-provided regular expression patterns before passing them to the AdamWeightDecay optimizer.

Use Fixed Regex Patterns (applies to: all)

Avoid using user-controlled regex patterns in the include_in_weight_decay and exclude_from_weight_decay parameters.

🧯 If You Can't Patch

  • Implement strict input validation for any regex patterns passed to optimizer configuration
  • Monitor CPU utilization and implement rate limiting on optimizer configuration endpoints
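As an added example (not code from this advisory or from the transformers project), the following Python implements the validation described in the workarounds above. Weight-decay patterns are accepted only if they consist of literal name characters, backslash-escaped punctuation, anchors and top-level alternation; quantifiers, groups and character classes are refused outright, so no accepted pattern can contain the nested repetition that catastrophic backtracking needs. The use_weight_decay helper is a simplified stand-in for the optimizer's per-parameter decision (an assumption about its semantics, not the library's code), and the parameter names in the demo are constructed.

```python
import re

# Longest pattern accepted; weight-decay patterns are short name fragments.
MAX_PATTERN_LENGTH = 128

# Characters that may appear unescaped: literal name characters plus the
# alternation bar and anchors. Quantifiers (* + ? {}), groups ( ) and
# character classes [ ] are deliberately absent, so an accepted pattern
# cannot express repetition at all, let alone nested repetition.
_LITERAL_CHARS = frozenset(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_./:-"
)
_STRUCTURAL_CHARS = frozenset("|^$")


def is_safe_weight_decay_pattern(pattern) -> bool:
    """True if `pattern` is a plain name fragment, optionally anchored or joined by '|'."""
    if not isinstance(pattern, str) or not 0 < len(pattern) <= MAX_PATTERN_LENGTH:
        return False
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":
            # A backslash may only escape punctuation (one literal character).
            # Alphanumeric escapes (\d, \w, \b, back-references such as \1) are rejected.
            if i + 1 >= len(pattern) or pattern[i + 1].isalnum():
                return False
            i += 2
            continue
        if ch not in _LITERAL_CHARS and ch not in _STRUCTURAL_CHARS:
            return False
        i += 1
    try:
        re.compile(pattern)
    except re.error:
        return False
    return True


def sanitize_weight_decay_patterns(patterns):
    """Validate a whole include/exclude list; raise on the first unsafe entry
    so a bad configuration fails fast instead of reaching the optimizer."""
    checked = []
    for pattern in patterns:
        if not is_safe_weight_decay_pattern(pattern):
            raise ValueError(f"rejected weight decay pattern: {pattern!r}")
        checked.append(pattern)
    return checked


def literal_name_patterns(names):
    """Turn literal parameter-name fragments into regexes that are safe by
    construction: re.escape emits only literals and escaped punctuation."""
    return [re.escape(name) for name in names]


def use_weight_decay(param_name, include=None, exclude=None):
    """Simplified stand-in (an assumption, not the library's code) for the
    per-parameter decision: an include match wins, then an exclude match
    turns decay off, otherwise decay applies."""
    for pattern in include or []:
        if re.search(pattern, param_name) is not None:
            return True
    for pattern in exclude or []:
        if re.search(pattern, param_name) is not None:
            return False
    return True


if __name__ == "__main__":
    # Constructed parameter names in the style of TF model variables.
    names = [
        "bert/encoder/layer_._0/attention/self/query/kernel:0",
        "bert/encoder/layer_._0/attention/output/LayerNorm/beta:0",
        "bert/pooler/dense/bias:0",
    ]
    exclude = sanitize_weight_decay_patterns(["LayerNorm", "bias"])
    for name in names:
        decision = "decay" if use_weight_decay(name, exclude=exclude) else "no decay"
        print(f"{name} -> {decision}")
    try:
        # A group is refused even though this particular one is harmless;
        # the allowlist form "layer_._0|layer_._1" expresses the same thing.
        sanitize_weight_decay_patterns(["kernel", "layer_(0|1)"])
    except ValueError as err:
        print(err)
```

Because the check is an allowlist of pattern structure rather than a scan for known-bad shapes, it does not need to recognise every backtracking-prone construct: anything it cannot prove linear is refused, and callers who only ever meant literal names can route them through literal_name_patterns instead of writing regexes at all.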

🔍 How to Verify

Check if Vulnerable:

Check the transformers version with python -c "import transformers; print(transformers.__version__)"; if the version is below 4.53.0, the system is vulnerable.

Check Version:

python -c "import transformers; print(transformers.__version__)"

Verify Fix Applied:

After update, verify version is >=4.53.0 and test with known malicious regex patterns to ensure no CPU spikes.

📡 Detection & Monitoring

Log Indicators:

  • Sudden sustained 100% CPU utilization in ML processes
  • Long-running regex operations in optimizer code

Network Indicators:

  • Unusual patterns in optimizer configuration API calls

SIEM Query:

process.cpu.percent:>95 AND process.name:python AND process.args:*transformers*
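As an added example (not part of the advisory), the following Python evaluates the SIEM query above over constructed process-telemetry samples and extends it with the "sustained" condition from the log indicators: a pid only alerts after several consecutive matching readings, so a brief CPU spike does not page anyone. The record field names, the sampling interval and the three-reading threshold are assumptions.

```python
from collections import defaultdict

CPU_THRESHOLD = 95.0      # mirrors process.cpu.percent:>95 in the SIEM query
SUSTAINED_SAMPLES = 3     # consecutive matching readings before alerting (assumed)


def matches_siem_query(sample):
    """Single-reading predicate equivalent to the page's SIEM query."""
    return (
        sample["cpu_percent"] > CPU_THRESHOLD
        and sample["name"] == "python"
        and "transformers" in sample["args"]
    )


def sustained_cpu_alerts(samples, required=SUSTAINED_SAMPLES):
    """Return pids whose readings match the query `required` times in a row.

    Samples must be ordered by time. A non-matching reading resets the pid's
    streak, and each pid is reported at most once per sustained run."""
    streak = defaultdict(int)
    alerted = []
    for sample in samples:
        pid = sample["pid"]
        if matches_siem_query(sample):
            streak[pid] += 1
            if streak[pid] == required:
                alerted.append(pid)
        else:
            streak[pid] = 0
    return alerted


def _sample(t, pid, name, cpu_percent, args):
    return {"t": t, "pid": pid, "name": name, "cpu_percent": cpu_percent, "args": args}


# Constructed telemetry, one reading per process per interval (not real data):
# pid 4242 is a training job pinned at 100% CPU, pid 5151 only spikes briefly,
# pid 6161 is a busy but unrelated process.
TRAINER = "python -m trainer --lib transformers"
SAMPLE_PROCESS_TELEMETRY = [
    _sample(0, 4242, "python", 99.8, TRAINER),
    _sample(0, 5151, "python", 97.0, TRAINER),
    _sample(0, 6161, "node", 99.0, "node server.js"),
    _sample(1, 4242, "python", 100.0, TRAINER),
    _sample(1, 5151, "python", 12.0, TRAINER),
    _sample(1, 6161, "node", 99.0, "node server.js"),
    _sample(2, 4242, "python", 99.9, TRAINER),
    _sample(2, 5151, "python", 96.0, TRAINER),
    _sample(3, 4242, "python", 100.0, TRAINER),
]

if __name__ == "__main__":
    print("pids with sustained high CPU:", sustained_cpu_alerts(SAMPLE_PROCESS_TELEMETRY))
```

On the constructed data only pid 4242 is reported: pid 5151 never reaches three consecutive matches and pid 6161 fails the process-name condition. Tune SUSTAINED_SAMPLES to your collection interval so that the streak covers a long enough window to rule out a legitimate compute burst.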
