CVE-2025-3777

Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through URL username injection. This allows attackers to craft URLs that appear to be from YouTube but resolve to malicious domains, potentially leading to phishing attacks, malware distribution, or data exfiltration. The issue is fixed in version 4.52.1.

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

Vector : AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Exploitability : 2.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/huggingface/transformers/commit/4dda5f71b35fb70cf602187eef84bb17a50b9082	Patch
https://huntr.com/bounties/ccba0730-9248-4853-b7ff-5c20e6364f09	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:huggingface:transformers:*:*:*:*:*:*:*:*

History

07 Aug 2025, 00:54

Type	Values Removed	Values Added
References	~~() https://github.com/huggingface/transformers/commit/4dda5f71b35fb70cf602187eef84bb17a50b9082 -~~	() https://github.com/huggingface/transformers/commit/4dda5f71b35fb70cf602187eef84bb17a50b9082 - Patch
References	~~() https://huntr.com/bounties/ccba0730-9248-4853-b7ff-5c20e6364f09 -~~	() https://huntr.com/bounties/ccba0730-9248-4853-b7ff-5c20e6364f09 - Exploit, Third Party Advisory
CWE		NVD-CWE-noinfo
First Time		Huggingface transformers Huggingface
CPE		cpe:2.3:a:huggingface:transformers::::::::

08 Jul 2025, 16:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-07 10:15

Updated : 2025-08-07 00:54

NVD link : CVE-2025-3777

Mitre link : CVE-2025-3777

CVE.ORG link : CVE-2025-3777

JSON object : View

Products Affected

huggingface

transformers

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

{"id": "CVE-2025-3777", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.1}]}, "published": "2025-07-07T10:15:28.297", "references": [{"url": "https://github.com/huggingface/transformers/commit/4dda5f71b35fb70cf602187eef84bb17a50b9082", "tags": ["Patch"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/ccba0730-9248-4853-b7ff-5c20e6364f09", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through URL username injection. This allows attackers to craft URLs that appear to be from YouTube but resolve to malicious domains, potentially leading to phishing attacks, malware distribution, or data exfiltration. The issue is fixed in version 4.52.1."}, {"lang": "es", "value": "Las versiones de Hugging Face Transformers hasta la 4.49.0 se ven afectadas por una vulnerabilidad de validaci\u00f3n de entrada incorrecta en el archivo `image_utils.py`. Esta vulnerabilidad se debe a una validaci\u00f3n de URL insegura mediante el m\u00e9todo `startswith()`, que puede eludirse mediante la inyecci\u00f3n de nombres de usuario en la URL. Esto permite a los atacantes manipular URL que parecen provenir de YouTube, pero que redirigen a dominios maliciosos, lo que podr\u00eda provocar ataques de phishing, distribuci\u00f3n de malware o exfiltraci\u00f3n de datos. El problema se ha corregido en la versi\u00f3n 4.52.1."}], "lastModified": "2025-08-07T00:54:16.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:huggingface:transformers:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "603CA36F-1ABE-4950-8FC3-CCB444106044", "versionEndExcluding": "4.52.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}