Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-s9jb-vbrz-2qa5
Vulnerability ID VCID-s9jb-vbrz-2qa5
Aliases CVE-2025-6051
GHSA-rcv9-qm8p-9p6j
Summary transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1333 Inefficient Regular Expression Complexity
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6051.json
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2025-6051
cvssv3.1 5.3 https://github.com/huggingface/transformers
generic_textual MODERATE https://github.com/huggingface/transformers
cvssv3.1 5.3 https://github.com/huggingface/transformers/commit/54a02160eb030da9be18231c77791f2eb3a52216
generic_textual MODERATE https://github.com/huggingface/transformers/commit/54a02160eb030da9be18231c77791f2eb3a52216
cvssv3 5.3 https://github.com/huggingface/transformers/commit/ba8eaba9865618253f997784aa565b96206426f0
cvssv3.1 5.3 https://github.com/huggingface/transformers/commit/ba8eaba9865618253f997784aa565b96206426f0
generic_textual MODERATE https://github.com/huggingface/transformers/commit/ba8eaba9865618253f997784aa565b96206426f0
ssvc Track https://github.com/huggingface/transformers/commit/ba8eaba9865618253f997784aa565b96206426f0
cvssv3.1 5.3 https://github.com/huggingface/transformers/pull/38844
generic_textual MODERATE https://github.com/huggingface/transformers/pull/38844
cvssv3 5.3 https://huntr.com/bounties/af929523-7b59-418a-bf55-301830b2ac9d
cvssv3.1 5.3 https://huntr.com/bounties/af929523-7b59-418a-bf55-301830b2ac9d
generic_textual MODERATE https://huntr.com/bounties/af929523-7b59-418a-bf55-301830b2ac9d
ssvc Track https://huntr.com/bounties/af929523-7b59-418a-bf55-301830b2ac9d
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2025-6051
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2025-6051
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6051.json
https://api.first.org/data/v1/epss?cve=CVE-2025-6051
https://github.com/huggingface/transformers
https://github.com/huggingface/transformers/commit/54a02160eb030da9be18231c77791f2eb3a52216
https://github.com/huggingface/transformers/commit/ba8eaba9865618253f997784aa565b96206426f0
https://github.com/huggingface/transformers/pull/38844
https://huntr.com/bounties/af929523-7b59-418a-bf55-301830b2ac9d
https://nvd.nist.gov/vuln/detail/CVE-2025-6051
2395072 https://bugzilla.redhat.com/show_bug.cgi?id=2395072
GHSA-rcv9-qm8p-9p6j https://github.com/advisories/GHSA-rcv9-qm8p-9p6j
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6051.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/huggingface/transformers
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/huggingface/transformers/commit/54a02160eb030da9be18231c77791f2eb3a52216
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/huggingface/transformers/commit/ba8eaba9865618253f997784aa565b96206426f0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/huggingface/transformers/commit/ba8eaba9865618253f997784aa565b96206426f0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T15:59:46Z/ Found at https://github.com/huggingface/transformers/commit/ba8eaba9865618253f997784aa565b96206426f0
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/huggingface/transformers/pull/38844
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://huntr.com/bounties/af929523-7b59-418a-bf55-301830b2ac9d
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://huntr.com/bounties/af929523-7b59-418a-bf55-301830b2ac9d
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T15:59:46Z/ Found at https://huntr.com/bounties/af929523-7b59-418a-bf55-301830b2ac9d
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2025-6051
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.12431
EPSS Score 0.0004
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:40:11.651292+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6051.json 38.6.0