Buffer overflow in Google Tensorflow

CVE-2025-0649

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash.

Vulnerability class: Buffer Overflow

EPSS: 0.001 (33.9th percentile) — read the EPSS interpretation.

Affected products

Google Tensorflow — versions 0

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

References

github.com/tensorflow/serving/commit/6cb013167d13f2ed3930aabb86dbc2c8c53f5adf