Memory Corruption Vulnerability in PyTorch by Meta AI
CVE-2025-2148

2.3LOW

Key Information:

Vendor

Meta AI

Status
Pytorch
Vendor
CVE Published:
10 March 2025

What is CVE-2025-2148?

A vulnerability in PyTorch version 2.6.0+cu124 has been identified, affecting the function torch.ops.profiler._call_end_callbacks_on_jit_fut in the Tuple Handler component. This vulnerability can be triggered by manipulating the 'None' argument, leading to memory corruption. While the attack can be executed remotely, its complexity is relatively high and may pose challenges for successful exploitation.

Affected Version(s)

PyTorch 2.6.0+cu124

References

https://vuldb.com/?id.299059
vdb-entrytechnical-description
https://vuldb.com/?ctiid.299059
signaturepermissions-required
https://vuldb.com/?submit.505959
third-party-advisory

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Default436352 (VulDB User)
.