Improper JSON Handling in Google Tensorflow Serving
CVE-2025-0649

8.9HIGH

Key Information:

Vendor: Google
Status: Tensorflow
Vendor: CVE Published:; 6 May 2025

Summary

A flaw exists in Google’s Tensorflow Serving that stems from incorrect handling of JSON input stringification. This issue can lead to unbounded recursion, which may ultimately cause a server crash, impacting the availability of the application.

Affected Version(s)

Tensorflow 0 <= 2.18.0

References

https://github.com/tensorflow/serving/commit/6cb013167d13...

CVSS V4

Score:

8.9

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
May 6, 2025
Vulnerability Reserved
Jan 22, 2025

Credit

Ori Hollander of the JFrog Vulnerability Research Team