CVE-2025-6638 is a Regular Expression Denial of Service (ReDoS) vulnerability identified in the Hugging Face Transformers library, specifically within the MarianTokenizer's remove_language_code() method. This vulnerability stems from inefficient processing of regular expressions when handling input strings containing malformed or crafted language code patterns. The affected versions include 4.52.4 and potentially earlier versions, with the issue resolved in version 4.53.0. The vulnerability allows an attacker to supply specially crafted input that triggers excessive CPU consumption due to the regex engine's backtracking behavior, leading to a denial of service condition. This type of vulnerability does not compromise confidentiality or integrity but impacts availability by exhausting processing resources. The CVSS score of 5.3 (medium severity) reflects that the attack can be launched remotely without authentication or user interaction, but the impact is limited to availability degradation. No known exploits have been reported in the wild as of the publication date. The root cause is inefficient regex complexity (CWE-1333), a common issue where certain regex patterns cause exponential time processing on malicious inputs. Since Hugging Face Transformers is widely used in natural language processing (NLP) applications, especially those involving tokenization and language detection, this vulnerability could affect any service or application that utilizes the vulnerable tokenizer method on untrusted input data. Attackers could exploit this by sending maliciously crafted text inputs to NLP services, causing service slowdowns or outages.

For European organizations, the impact primarily concerns availability disruptions in NLP-driven services or applications that integrate the Hugging Face Transformers library, particularly the MarianTokenizer component. Organizations leveraging these models for language translation, chatbots, content moderation, or other AI-driven text processing could experience service degradation or denial of service if exposed to crafted inputs exploiting this vulnerability. This could affect customer-facing applications, internal automation, or data processing pipelines, potentially leading to operational interruptions and reputational damage. Since the vulnerability does not affect confidentiality or integrity, data breaches or unauthorized data manipulation are not direct concerns. However, denial of service conditions could impact critical services, especially in sectors like finance, healthcare, or government where NLP tools are increasingly integrated. The medium severity rating suggests that while the risk is not critical, it should be addressed promptly to maintain service reliability and prevent potential exploitation in production environments.

European organizations should upgrade the Hugging Face Transformers library to version 4.53.0 or later, where the vulnerability has been fixed. If immediate upgrading is not feasible, organizations should implement input validation and sanitization to detect and reject malformed or suspicious language code patterns before they reach the vulnerable tokenizer method. Rate limiting and anomaly detection on text input endpoints can help mitigate the risk of exploitation by limiting the volume of potentially malicious inputs. Additionally, monitoring CPU usage and application performance metrics can provide early warning signs of attempted ReDoS attacks. For critical systems, consider isolating NLP processing components behind dedicated services with resource constraints (e.g., CPU quotas, timeouts) to prevent cascading failures. Security teams should also review deployment architectures to ensure that untrusted user inputs are not directly processed by vulnerable components without proper filtering. Finally, maintain awareness of updates from Hugging Face and related security advisories to promptly apply patches.