CVE-2025-0649 — HIGH (CVSS 7.5) AI Security Vulnerability

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
tensorflow_serving	pip	—	No patch

Do you use tensorflow_serving? You're affected.

Severity & Risk

CVSS 3.1

7.5 / 10

EPSS

N/A

KEV Status

Not in KEV

Sophistication

N/A

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash.

Weaknesses (CWE)

CWE-787 Primary CWE-121

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

github.com/tensorflow/serving/commit/6cb013167d13f2ed3930aabb86dbc2c8c53f5adf
Patch

Timeline

Published

May 6, 2025

Last Modified

July 31, 2025

First Seen

May 6, 2025