CVE-2025-6921 Overview
A Regular Expression Denial of Service (ReDoS) vulnerability has been identified in the HuggingFace Transformers library affecting versions prior to 4.53.0. The vulnerability exists in the AdamWeightDecay optimizer, specifically within the _do_use_weight_decay method which processes user-controlled regular expressions. When malicious regular expressions are supplied through the include_in_weight_decay and exclude_from_weight_decay lists, they can trigger catastrophic backtracking during re.search operations, leading to complete CPU exhaustion and denial of service conditions.
Critical Impact
Attackers who can control regex patterns in the optimizer configuration can cause machine learning tasks to hang indefinitely, rendering ML services and training pipelines completely unresponsive with 100% CPU utilization.
Affected Products
- HuggingFace Transformers versions prior to 4.53.0
Discovery Timeline
- September 23, 2025 - CVE-2025-6921 published to NVD
- October 10, 2025 - Last updated in NVD database
Technical Details for CVE-2025-6921
Vulnerability Analysis
This vulnerability exploits a fundamental weakness in how regular expression engines handle certain pattern structures. The AdamWeightDecay optimizer in HuggingFace Transformers allows users to specify regex patterns for including or excluding certain model parameters from weight decay. These patterns are passed directly to re.search() without validation or sanitization.
The vulnerability is categorized under CWE-400 (Uncontrolled Resource Consumption), as it allows attackers to exhaust CPU resources through specially crafted input. The attack is network-accessible and requires no authentication or user interaction, making it exploitable in any environment where untrusted users can influence optimizer configuration parameters.
Root Cause
The root cause lies in the direct use of user-supplied regular expressions without implementing safeguards against patterns that exhibit exponential time complexity. Regular expression engines using backtracking algorithms are vulnerable to "catastrophic backtracking" when processing certain pattern-input combinations. The _do_use_weight_decay method accepts arbitrary regex patterns in the include_in_weight_decay and exclude_from_weight_decay configuration lists and passes them directly to Python's re.search() function, creating the ReDoS attack surface.
Attack Vector
The attack can be executed by any user who has the ability to configure the AdamWeightDecay optimizer parameters. In ML-as-a-Service platforms, API endpoints, or shared training environments where users can specify optimizer configurations, an attacker can inject malicious regex patterns. When the optimizer processes model parameter names against these patterns, the regex engine enters a state of catastrophic backtracking, consuming 100% CPU and halting the training process indefinitely.
The security patch completely removes regex dependency in affected components:
from shutil import copyfile
from typing import Any, Optional, Union
-import regex as re
import sentencepiece
from ...tokenization_utils import PreTrainedTokenizer
Source: GitHub Commit
Detection Methods for CVE-2025-6921
Indicators of Compromise
- Sustained 100% CPU utilization on systems running HuggingFace Transformers training jobs
- ML training tasks that become unresponsive or hang indefinitely without progress
- Unusual or complex regex patterns in optimizer configuration files or API requests
- Process threads stuck in regex evaluation operations for extended periods
Detection Strategies
- Monitor CPU utilization patterns on ML training infrastructure for anomalous sustained spikes
- Implement logging and alerting on optimizer configuration changes, particularly regex pattern modifications
- Audit incoming API requests or configuration files for suspicious regex patterns containing nested quantifiers or overlapping alternatives
- Deploy application-level timeouts for regex evaluation operations
Monitoring Recommendations
- Establish baseline CPU metrics for normal training operations and alert on significant deviations
- Implement request tracing to correlate configuration changes with performance degradation
- Monitor process states for threads stuck in system calls associated with regex evaluation
- Set up automated alerts for training jobs that exceed expected duration thresholds
How to Mitigate CVE-2025-6921
Immediate Actions Required
- Upgrade HuggingFace Transformers to version 4.53.0 or later immediately
- Audit existing optimizer configurations for any externally-supplied regex patterns
- Implement input validation to reject complex regex patterns from untrusted sources
- Consider implementing regex execution timeouts as a defense-in-depth measure
Patch Information
HuggingFace has addressed this vulnerability in version 4.53.0 by removing the regex dependency in affected tokenization components. The fix eliminates the ReDoS attack surface by avoiding regex processing of user-controlled input entirely. The security patch is available via the GitHub commit. Additional technical details about the vulnerability can be found in the Huntr bounty report.
Workarounds
- Restrict optimizer configuration to trusted administrators only until patching is complete
- Implement allowlisting for regex patterns, permitting only known-safe expressions
- Add application-level timeouts around regex operations as a temporary measure
- Validate and sanitize all user-supplied regex patterns before passing to the optimizer
# Upgrade HuggingFace Transformers to patched version
pip install --upgrade transformers>=4.53.0
# Verify installed version
pip show transformers | grep Version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
