Denial of Service in TensorFlow - Conv2D Layer Padding Issue
CVE-2025-55559

7.5HIGH

Key Information:

Vendor: Google
Status: TensorFlow
Vendor: CVE Published:; 25 September 2025

What is CVE-2025-55559?

A vulnerability has been identified in TensorFlow v2.18.0 that leads to a Denial of Service condition when the Conv2D layer is configured with 'valid' padding. This misconfiguration can lead to resource exhaustion, preventing the model from functioning correctly and impacting applications relying on TensorFlow for processing.

References

https://github.com/tensorflow/tensorflow/issues/84205

https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 25, 2025
Vulnerability Reserved
Aug 13, 2025

JSON

Google

What is CVE-2025-55559?

References

CVSS V3.1

Timeline