Description

Regular Expression Denial of Service (ReDoS) vulnerabilities exist in the knack.introspection module, part of the knack Python package maintained by Microsoft and used by Azure CLI. Two functions, extract_full_summary_from_signature (CVE-2025-54363) and option_descriptions (CVE-2025-54364), use an inefficient regular expression pattern: "\s(:param)\s+(.+?)\s:(.*)". This pattern is susceptible to catastrophic backtracking when processing crafted docstrings containing a large volume of whitespace without a terminating colon. An attacker who can control or inject docstring content into affected applications can trigger excessive CPU consumption and degrade performance over time. Processing time increases exponentially with input size, potentially leading to resource exhaustion and denial of service.
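
One way to mitigate the issue described above, shown as an added example that is not knack's code or its upstream fix: extract `:param name: text` fields with plain string operations instead of a backtracking regex, and cap the input size. The names `parse_param_line`, `param_descriptions` and `MAX_DOC_CHARS`, and the sample docstring, are assumptions made for illustration.

```python
"""Linear-time extraction of ':param name: text' docstring fields (added example)."""

MAX_DOC_CHARS = 64_000  # assumed cap; tune to the largest docstring you expect

# Constructed sample docstring; the last line has no terminating colon.
SAMPLE_DOC = (
    "Create a resource.\n"
    "\n"
    ":param name: Name of the resource.\n"
    ":param str location : Region to deploy to.\n"
    ":returns: The created resource.\n"
    ":param broken" + " " * 50_000 + "\n"
)


def parse_param_line(line):
    """Return (name, description) for a ':param' field, or None.

    Uses str.find/partition/strip only, so each line is scanned a fixed
    number of times and there is nothing for an input to make backtrack.
    Simplification: only the first ':param' marker on a line is considered.
    """
    marker = ":param"
    start = line.find(marker)
    if start == -1:
        return None
    rest = line[start + len(marker):]
    if not rest[:1].isspace():      # require whitespace after the marker
        return None
    name, colon, description = rest.partition(":")
    name = name.strip()
    if not colon or not name:       # no terminating colon, or empty name
        return None
    return name, description.strip()


def param_descriptions(docstring):
    """Map parameter name -> description for every ':param' line."""
    if len(docstring) > MAX_DOC_CHARS:
        raise ValueError("docstring exceeds MAX_DOC_CHARS")
    found = {}
    for line in docstring.splitlines():
        parsed = parse_param_line(line)
        if parsed:
            found[parsed[0]] = parsed[1]
    return found


if __name__ == "__main__":
    print(param_descriptions(SAMPLE_DOC))
```

The whitespace-only tail in the sample is rejected after a single pass over the line, and anything longer than the cap is refused before parsing starts.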