PT-2025-37422 · Hugging Face · Huggingface/Transformers

Published: 2025-06-09 · Updated: 2025-10-21 · CVE-2025-6051

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: Hugging Face Transformers versions up to 4.52.4

Description: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the normalize_numbers() method of the EnglishNormalizer class. The method's handling of numeric strings can be triggered with crafted input containing long sequences of digits, causing excessive CPU consumption. This affects text-to-speech and number-normalization tasks and can lead to service disruption and resource exhaustion.

Recommendations: Update to version 4.53.0 or later.
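For deployments that cannot move to 4.53.0 immediately, the practical interim control is to validate text before it reaches the normalizer: the advisory attributes the problem to long digit sequences, so a bounded, regex-free pre-check removes the input class that drives the cost. The following is an added example written for this page, not code from Hugging Face Transformers; the constants MAX_DIGIT_RUN and MAX_INPUT_CHARS, the function names, and the toy normalizer are all constructed for the illustration, and the real normalizer is passed in as a plain callable rather than assuming EnglishNormalizer's API.

```python
"""
Input guard placed in front of a number-normalization routine.

Added example for illustration only; not from Hugging Face Transformers.
Names and limits below are assumptions chosen for the demonstration.
"""
from typing import Callable

MAX_DIGIT_RUN = 32      # assumption: longest contiguous digit run accepted
MAX_INPUT_CHARS = 4096  # assumption: size cap for a single normalization call


def longest_digit_run(text: str) -> int:
    """Length of the longest contiguous run of ASCII digits.

    A single linear pass is used on purpose: the guard itself must not rely
    on a regular expression, so it cannot introduce backtracking of its own.
    """
    longest = current = 0
    for ch in text:
        if "0" <= ch <= "9":
            current += 1
            if current > longest:
                longest = current
        else:
            current = 0
    return longest


def is_within_limits(text: str,
                     max_run: int = MAX_DIGIT_RUN,
                     max_chars: int = MAX_INPUT_CHARS) -> bool:
    """True if the text is small enough and has no digit run over the cap."""
    if len(text) > max_chars:
        return False
    return longest_digit_run(text) <= max_run


class InputRejected(ValueError):
    """Raised when input is refused before it reaches the normalizer."""


def guarded_normalize(text: str, normalize: Callable[[str], str],
                      max_run: int = MAX_DIGIT_RUN,
                      max_chars: int = MAX_INPUT_CHARS) -> str:
    """Apply the limits, then delegate to the real normalizer callable."""
    if len(text) > max_chars:
        raise InputRejected(f"input length {len(text)} exceeds {max_chars}")
    run = longest_digit_run(text)
    if run > max_run:
        raise InputRejected(f"digit run of {run} exceeds {max_run}")
    return normalize(text)


def toy_normalizer(text: str) -> str:
    """Stand-in for the real normalizer (constructed): spells out lone digits."""
    words = "zero one two three four five six seven eight nine".split()
    return " ".join(words[int(tok)] if tok.isdigit() and len(tok) == 1 else tok
                    for tok in text.split())


if __name__ == "__main__":
    print(guarded_normalize("call me at 5", toy_normalizer))
    try:
        guarded_normalize("x" + "9" * 10_000, toy_normalizer)
    except InputRejected as err:
        print("rejected:", err)
```

The limits are deliberately conservative example values; pick them from the longest legitimate numeric tokens your application actually produces, and log rejections so a spike in refused inputs is visible to monitoring. This guard reduces exposure but does not change the underlying pattern, so the upgrade the advisory recommends remains the fix.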

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2025-12549
CVE-2025-6051
GHSA-RCV9-QM8P-9P6J

Affected Products

Huggingface/Transformers