CVE-2025-14927: CWE-94: Improper Control of Generation of Code ('Code Injection') in Hugging Face Transformers
CVE-2025-14927 is a high-severity remote code execution vulnerability in Hugging Face Transformers version 4.57.0, specifically in the convert_config function. It arises from improper validation of user-supplied strings that are executed as Python code, enabling attackers to execute arbitrary code with the privileges of the current user. Exploitation requires user interaction, specifically converting a malicious checkpoint file. The vulnerability impacts confidentiality, integrity, and availability, with a CVSS score of 7.8. There are no known exploits in the wild yet, but the risk is significant due to the widespread use of Hugging Face Transformers in AI and ML workflows. European organizations using this library in development or production environments are at risk, especially those in countries with strong AI sectors. Mitigation involves avoiding untrusted checkpoint files, applying patches once available, and implementing strict input validation and sandboxing.
AI Analysis
Technical Summary
CVE-2025-14927 is a critical vulnerability identified in the Hugging Face Transformers library, version 4.57.0, specifically within the convert_config function. This function improperly handles user-supplied strings by executing them as Python code without adequate validation, leading to a code injection flaw classified under CWE-94. An attacker who can trick a user into converting a maliciously crafted checkpoint file can execute arbitrary code remotely with the privileges of the current user. The vulnerability requires user interaction, meaning the target must perform the conversion operation on the malicious checkpoint. The flaw impacts confidentiality, integrity, and availability because arbitrary code execution can lead to data theft, system compromise, or denial of service. The CVSS 3.0 base score of 7.8 reflects a high severity, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), and high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). While no public exploits are currently known, the vulnerability poses a significant risk given the popularity of Hugging Face Transformers in AI/ML pipelines. The lack of a patch at the time of publication necessitates immediate risk mitigation strategies. This vulnerability was initially reported as ZDI-CAN-28252 and is now publicly disclosed.
Potential Impact
For European organizations, the impact of CVE-2025-14927 can be substantial, especially those engaged in AI research, development, and deployment using Hugging Face Transformers. Successful exploitation can lead to unauthorized code execution, enabling attackers to access sensitive data, manipulate machine learning models, disrupt AI services, or pivot within networks. This can compromise intellectual property, violate data protection regulations such as GDPR, and cause operational downtime. Organizations relying on automated ML workflows or integrating third-party checkpoints are particularly vulnerable. The requirement for user interaction limits mass exploitation but does not eliminate risk, as social engineering or supply chain attacks could facilitate exploitation. The high confidentiality and integrity impact also raise concerns for sectors handling sensitive or regulated data, including finance, healthcare, and government. Additionally, compromised AI models could produce erroneous outputs, undermining trust and decision-making processes.
Mitigation Recommendations
To mitigate CVE-2025-14927, European organizations should:
1. Immediately avoid converting or loading checkpoint files from untrusted or unauthenticated sources to prevent malicious input.
2. Monitor for updates from Hugging Face and apply security patches promptly once released.
3. Implement strict input validation and sanitization around any user-supplied configuration or checkpoint data before processing.
4. Employ sandboxing or containerization techniques to isolate the execution environment of the convert_config function, limiting potential damage from code execution.
5. Educate users and developers about the risks of processing untrusted checkpoints and enforce policies restricting such actions.
6. Integrate runtime monitoring and anomaly detection to identify suspicious activities during model conversion or execution.
7. Review and harden access controls to minimize privileges of users performing model conversions, reducing the impact of potential exploitation.
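The defect class described in the Technical Summary (a config string from a checkpoint handed to the Python interpreter) and mitigation step 3 (literal-only validation of checkpoint data) are illustrated below with an added, hypothetical example. This is not the Transformers convert_config implementation and makes no claim about how that function is written; the function names, the CONSTRUCTED_CONFIG sample and the allowlist are all constructed for the illustration. It places the unsafe pattern beside a hardened parser that accepts only Python literal syntax, plus a scanner a defender can run over a config before converting a checkpoint.

```python
"""CWE-94 pattern: strings from an untrusted checkpoint config turned into values.

Hypothetical example added to the advisory; NOT the Transformers convert_config code.
It shows the general defect (evaluating a string as code) next to a safe alternative.
"""
import ast

# Constructed sample config, as it might be read from a checkpoint. The first three
# values are plain literals; "layer_norm_eps" is an expression containing a function
# call, which eval() would execute but a literal-only parser must reject.
CONSTRUCTED_CONFIG = {
    "hidden_size": "768",
    "dropout": "0.1",
    "layer_sizes": "[512, 256]",
    "layer_norm_eps": "len('abc')",   # expression with a call, not a literal
}

# Hypothetical allowlist of keys a converter expects to see.
ALLOWED_KEYS = frozenset({"hidden_size", "dropout", "layer_sizes"})


def parse_value_unsafe(raw: str):
    """Vulnerable pattern: the string is handed to the interpreter, so any expression,
    including calls and imports, runs with the caller's privileges."""
    return eval(raw)  # intentionally unsafe, kept only for contrast


def _is_literal(raw: str) -> bool:
    """True if raw is valid Python literal syntax (numbers, strings, lists, dicts,
    tuples, sets, booleans, None). ast.literal_eval never evaluates names, calls,
    attribute access or arbitrary operators, so nothing executes."""
    try:
        ast.literal_eval(raw)
        return True
    except (ValueError, SyntaxError):
        return False


def parse_value_safe(raw: str):
    """Hardened pattern: accept only literal syntax; reject everything else."""
    if not _is_literal(raw):
        raise ValueError(f"rejected non-literal config value {raw!r}")
    return ast.literal_eval(raw)


def load_config(config: dict, allowed_keys: frozenset = ALLOWED_KEYS) -> dict:
    """Parse an untrusted config with a key allowlist and literal-only values.
    Raises ValueError on an unknown key or a non-literal value."""
    parsed = {}
    for key, raw in config.items():
        if key not in allowed_keys:
            raise ValueError(f"unexpected config key {key!r}")
        parsed[key] = parse_value_safe(raw)
    return parsed


def scan_config(config: dict) -> list:
    """Detection helper: return the keys whose values are not plain literals, so an
    operator can review a checkpoint before converting it."""
    return [key for key, raw in config.items() if not _is_literal(raw)]


if __name__ == "__main__":
    # The unsafe parser executes the call; the scanner flags the same key.
    print("unsafe parse executed:", parse_value_unsafe(CONSTRUCTED_CONFIG["layer_norm_eps"]))
    print("keys flagged for review:", scan_config(CONSTRUCTED_CONFIG))
```

The contrast is the whole point: eval returns 3 for the "layer_norm_eps" value because it ran a function, while parse_value_safe refuses it, and scan_config surfaces that key for review before any conversion is attempted. The allowlist is a second layer: even a well-formed literal under an unexpected key is rejected rather than passed through to the converter.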
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: zdi
- Date Reserved: 2025-12-18T20:49:54.276Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 694b064e4eddf7475afca17f
Added to database: 12/23/2025, 9:14:54 PM
Last enriched: 12/31/2025, 12:22:07 AM
Last updated: 2/7/2026, 2:46:54 PM