Cyber Resilience

CVE-2024-12720

High

Published: 20 March 2025

Published
20 March 2025
Modified
01 August 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0023 45.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-12720 is a high-severity Inefficient Regular Expression Complexity (CWE-1333) vulnerability in Huggingface Transformers. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 45.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as NLP and Transformers; in the Data-Related Vulnerabilities risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-5 (Denial-of-service Protection).

Deeper analysis

CVE-2024-12720 is a Regular Expression Denial of Service (ReDoS) vulnerability in the Hugging Face transformers library, specifically within the tokenization_nougat_fast.py file's post_process_single() function. The issue arises from a regular expression that exhibits exponential time complexity due to excessive backtracking when processing specially crafted input, resulting in high CPU usage and potential application downtime. This affects version v4.46.3, which was the latest at the time of disclosure, and is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), mapped to CWE-1333.

The vulnerability can be exploited by any remote attacker with network access, requiring low attack complexity, no privileges, and no user interaction. By supplying malicious input to the vulnerable function, an attacker triggers the ReDoS condition, causing severe resource exhaustion and denial of service that disrupts application availability.

Mitigation is available via a patch in the transformers repository at commit deac971c469bcbb182c2e52da0b82fb3bf54cccf. Security practitioners should update to a version incorporating this fix. The issue was disclosed through Huntr, with bounty details at https://huntr.com/bounties/4bed1214-7835-4252-a853-22bbad891f98.

This vulnerability is particularly relevant to AI/ML workflows, as the transformers library is a core component for natural language processing models, underscoring the need to validate inputs in ML tokenization pipelines.

EU & UK References

Vulnerability details

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular expression processes specially crafted input. The issue stems from the regex…

more

exhibiting exponential time complexity under certain conditions, leading to excessive backtracking. This can result in significantly high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.46.3 (latest).

CWE(s)

AI Security AnalysisAI

AI Category
NLP and Transformers
Risk Domain
Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: huggingface, transformers

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

ReDoS vulnerability in tokenization function enables application resource exhaustion (high CPU, downtime) via crafted input, facilitating endpoint DoS through application exploitation.

CVEs Like This One

CVE-2026-5241Same product: Huggingface Transformers
CVE-2024-58340Shared CWE-1333
CVE-2024-46242Shared CWE-1333
CVE-2025-70030Shared CWE-1333
CVE-2024-41766Shared CWE-1333
CVE-2026-4867Shared CWE-1333
CVE-2025-10990Shared CWE-1333
CVE-2026-27904Shared CWE-1333
CVE-2024-8998Shared CWE-1333
CVE-2026-2654Same vendor: Huggingface

Affected Assets

huggingface
transformers
≤ 4.48.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the ReDoS vulnerability by requiring timely patching of the vulnerable regex in tokenization_nougat_fast.py of the transformers library.

prevent

Validates and sanitizes inputs to the post_process_single() function to block specially crafted payloads that trigger exponential backtracking.

prevent

Protects against denial-of-service from resource exhaustion by implementing controls like rate limiting and CPU resource quotas for the affected tokenization process.

References