Skip to main content

AI / ML CVE-2025-2148

MEDIUM
Buffer Overflow (CWE-119)
2025-03-10 cna@vuldb.com
Buffer Overflow AI / ML Pytorch
5.0
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 19:50 vuln.today
CVE Published
Mar 10, 2025 - 12:15 nvd
MEDIUM 5.0

DescriptionNVD

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.

AnalysisAI

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. [CVSS 5.0 MEDIUM]

Technical ContextAI

Classified as CWE-119 (Buffer Overflow). A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.

Affected ProductsAI

PyTorch 2.6.0+cu124

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.

Share

CVE-2025-2148 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy