Security Vulnerabilities - CVEs Published In August 2025
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed. A successful exploit of this vulnerability might lead to denial of service.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-08-06
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering.
CVSS Score
9.8
EPSS Score
0.008
Published
2025-08-06
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern `/[^/]*___([^/]*)/` that can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. The vulnerability affects versions up to 4.51.3 and is fixed in version 4.53.0. This issue can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting model conversion processes between TensorFlow and PyTorch formats.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-08-06
Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and 1.16.24.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-08-06
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id. CVE-2025-47444 is a duplicate of this issue. CVE-2025-47444 is a duplicate of this issue.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-08-06
Information disclosure while processing a packet at EAVB BE side with invalid header length.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-08-06
Transient DOS while creating NDP instance.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-08-06
Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-08-06
Memory corruption while processing simultaneous requests via escape path.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-08-06
Information disclosure while accessing and modifying the PIB file of a remote device via powerline.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-08-06