The vulnerability of the get_imports() function in the Transformers library allows a hacker to trigger a service failure.

🗓️ 24 Mar 2026 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Vulnerability in Transformers get_imports due to inefficient regex could trigger service failures.

Reporter	Title	Published	Views	Family All 20
Huntr	Regular expression Denial of Service - ReDoS	17 Mar 202516:10	–	huntr
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service and improper input validation [CVE-2025-3262] [CVE-2025-3263] [CVE-2025-3264] [CVE-2025-3777]	9 Jul 202517:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Standard Cartridge	25 Mar 202619:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers [CVE-2025-3262, CVE-2025-3264, CVE-2025-3933, CVE-2025-3263]	31 Oct 202518:45	–	ibm
Chainguard	CVE-2025-3264 vulnerabilities	14 Jan 202601:17	–	cgr
Circl	CVE-2025-3264	7 Jul 202512:05	–	circl
CNNVD	Hugging Face Transformers 安全漏洞	7 Jul 202500:00	–	cnnvd
CVE	CVE-2025-3264	7 Jul 202509:55	–	cve
Cvelist	CVE-2025-3264 Regular Expression Denial of Service (ReDoS) in huggingface/transformers	7 Jul 202509:55	–	cvelist
EUVD	EUVD-2025-20214	3 Oct 202520:07	–	euvd

Vulners

Node

hugging_face,transformersRange4.49.0–4.51.0

Source	Link
github	www.github.com/huggingface/transformers/commit/0720e206c6ba28887e4d60ef60a6a089f6c1cc76
huntr	www.huntr.com/bounties/3c6f7822-9992-476d-8cf0-b0b1623427df
web	www.web.nvd.nist.gov/view/vuln/detail

24 Mar 2026 00:00Current

6Medium risk

Vulners AI Score6

CVSS 25

CVSS 35.3

EPSS0.00431

transformers library get_imports function inefficient regular expression service failures