How severe is CVE-2025-1194?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2025-1194?

This is classified as CWE-1333, which is a common weakness in software security.

CVE-2025-1194 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions process specially crafted inputs. The issue stems from a regex exhibiting exponential complexity under certain conditions, leading to excessive backtracking. This can result in high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.48.1 (latest).

Related Vulnerabilities

CVE-2022-2908

MEDIUM

CVSS:4.3(Medium)

A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 all...

CWE-13332022

CVE-2024-6434

MEDIUM

CVSS:4.3(Medium)

The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. This is due to processing user-suppli...

CWE-13332024

CVE-2024-9506

LOW

CVSS:3.7(Low)

Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.

CWE-13332024

CVE-2022-34402

MEDIUM

CVSS:4.9(Medium)

Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service.

CWE-13332022

CVE-2024-39317

MEDIUM

CVSS:4.9(Medium)

Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to pars...

CWE-13332024

CVE-2024-9277

MEDIUM

CVSS:3.5(Low)

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of th...

CWE-13332024