CVE-2024-12720
Published: 20 March 2025
Summary
CVE-2024-12720 is a high-severity Inefficient Regular Expression Complexity (CWE-1333) vulnerability in Huggingface Transformers. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 45.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as NLP and Transformers; in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-5 (Denial-of-service Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the ReDoS vulnerability by requiring timely patching of the vulnerable regex in tokenization_nougat_fast.py of the transformers library.
Validates and sanitizes inputs to the post_process_single() function to block specially crafted payloads that trigger exponential backtracking.
Protects against denial-of-service from resource exhaustion by implementing controls like rate limiting and CPU resource quotas for the affected tokenization process.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
ReDoS vulnerability in tokenization function enables application resource exhaustion (high CPU, downtime) via crafted input, facilitating endpoint DoS through application exploitation.
NVD Description
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular expression processes specially crafted input. The issue stems from the regex…
more
exhibiting exponential time complexity under certain conditions, leading to excessive backtracking. This can result in significantly high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.46.3 (latest).
Deeper analysisAI
CVE-2024-12720 is a Regular Expression Denial of Service (ReDoS) vulnerability in the Hugging Face transformers library, specifically within the tokenization_nougat_fast.py file's post_process_single() function. The issue arises from a regular expression that exhibits exponential time complexity due to excessive backtracking when processing specially crafted input, resulting in high CPU usage and potential application downtime. This affects version v4.46.3, which was the latest at the time of disclosure, and is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), mapped to CWE-1333.
The vulnerability can be exploited by any remote attacker with network access, requiring low attack complexity, no privileges, and no user interaction. By supplying malicious input to the vulnerable function, an attacker triggers the ReDoS condition, causing severe resource exhaustion and denial of service that disrupts application availability.
Mitigation is available via a patch in the transformers repository at commit deac971c469bcbb182c2e52da0b82fb3bf54cccf. Security practitioners should update to a version incorporating this fix. The issue was disclosed through Huntr, with bounty details at https://huntr.com/bounties/4bed1214-7835-4252-a853-22bbad891f98.
This vulnerability is particularly relevant to AI/ML workflows, as the transformers library is a core component for natural language processing models, underscoring the need to validate inputs in ML tokenization pipelines.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- NLP and Transformers
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- The vulnerability is in the Hugging Face Transformers library, specifically in tokenization_nougat_fast.py, which is a core component for NLP and Transformer-based models, confirming it as AI-related in the NLP and Transformers category.