CVE-2025-3777
Severity: unknown
CVSS v3: not available
CVSS v4: not available
VIR risk: not available
Description
Hugging Face Transformers (PyPI package transformers, versions before 4.52.1) has an improper input validation vulnerability in the URL handling of src/transformers/image_utils.py that can be exploited through username injection. A URL of the form https://expected-host@attacker-host/image.png passes a check that only looks for the expected host name right after the scheme, because the expected name sits in the userinfo component of the authority while the request actually goes to attacker-host. An attacker who can supply an image URL can therefore direct the loader's fetch to a host of their choosing.
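The following is an added example, not code from the transformers project, showing the bug class named above: a naive prefix/regex host check that a username-injected URL satisfies, next to a stricter check that parses the URL first and compares the parsed host exactly. The allowlist, the naive regex and the host attacker.example are assumptions made for illustration; the parsing behaviour it relies on is standard RFC 3986, where an authority is [userinfo@]host[:port].

```python
"""Added example (not transformers' code): how a "username injection" URL
defeats a naive host check, and a stricter check that is not fooled.

The allowlist, the naive regex and attacker.example are assumptions made
for illustration; the parsing behaviour is standard RFC 3986, where an
authority is [userinfo@]host[:port].
"""
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"huggingface.co"}  # assumed allowlist for the example

# Weak validator (constructed): anchors on the scheme and the expected host
# but nothing after it, so it matches whenever the allowed name appears right
# after "://", regardless of what the real authority is.
_NAIVE = re.compile(r"^https?://huggingface\.co")


def naive_is_allowed(url: str) -> bool:
    return _NAIVE.match(url) is not None


def effective_host(url: str):
    """Host a client would actually connect to: urlsplit() drops the
    userinfo ("user:pass@") and the port and lowercases the name."""
    return urlsplit(url).hostname


def strict_is_allowed(url: str) -> bool:
    """Hardened check: parse first, then compare the parsed host exactly."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False
    # Refuse any userinfo outright: an image URL has no business carrying one,
    # and it is exactly the component used to smuggle a fake host name.
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname
    if not host:
        return False
    # Exact match, never prefix or substring: "huggingface.co.attacker.example"
    # and "huggingface.co@attacker.example" must both fail.
    return host in ALLOWED_HOSTS


if __name__ == "__main__":
    for url in (
        "https://huggingface.co/datasets/x/image.png",        # benign
        "https://huggingface.co@attacker.example/image.png",  # userinfo trick
        "https://huggingface.co.attacker.example/image.png",  # prefix trick
        "file:///etc/passwd",                                 # wrong scheme
    ):
        print(url)
        print(f"  naive={naive_is_allowed(url)} strict={strict_is_allowed(url)}"
              f" host={effective_host(url)}")
```

The point to take from the two checks is that the decision must be made on the host the HTTP client will actually resolve, which is only known after parsing; string matching on the raw URL cannot distinguish the userinfo from the host.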
Predictions
- Exploit likelihood: 30%
- Patch ETA: not available (a fixed release, 4.52.1, is already listed under Package impact)
These are heuristic predictions, provided as-is, for prioritization only.
Mitigations
No workaround has been published for this CVE. The remediation on record is the fixed release: upgrade transformers to 4.52.1 or later (see Package impact). Until the upgrade is in place, treat any URL that reaches the image loader as untrusted input, and where you control the caller, parse the URL and check the resulting host yourself before allowing the fetch.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | transformers | <4.52.1 | 4.52.1 |
References
- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-3777
- Commit 4dda5f7 in huggingface/transformers: https://github.com/huggingface/transformers/commit/4dda5f71b35fb70cf602187eef84bb17a50b9082
- Repository: https://github.com/huggingface/transformers
- Blame view of src/transformers/image_utils.py at a7d2bba: https://github.com/huggingface/transformers/blame/a7d2bbaaa8aac64f7c1ee8c1421cfe84b38359a4/src/transformers/image_utils.py
- huntr report: https://huntr.com/bounties/ccba0730-9248-4853-b7ff-5c20e6364f09