CVE-2025-54364: Microsoft Knack ReDoS Vulnerability in the Introspection Module

August 20, 2025 (updated August 21, 2025)

Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module (issue 2 of 2).

References

github.com/advisories/GHSA-xh9h-692f-mmg4
github.com/microsoft/knack
github.com/microsoft/knack/issues/281
nvd.nist.gov/vuln/detail/CVE-2025-54364
www.vulncheck.com/advisories/microsoft-knack-python-package-regular-expression-dos

Code Behaviors & Features

Detect and mitigate CVE-2025-54364 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →