CVE-2025-54363: Microsoft Knack ReDoS Vulnerability in the Introspection Module

August 20, 2025 (updated August 21, 2025)

Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module (issue 1 of 2).

References

github.com/advisories/GHSA-6fxp-p9mg-q64w
github.com/microsoft/knack
github.com/microsoft/knack/issues/281
nvd.nist.gov/vuln/detail/CVE-2025-54363
www.vulncheck.com/advisories/microsoft-knack-python-package-regular-expression-dos

Code Behaviors & Features

Detect and mitigate CVE-2025-54363 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →