CVE-2025-2148

ADVISORY - nist

Summary

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.

EPSS Score⁠: 0.00084 (0.242)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-119⁠

Improper Restriction of Operations within the Bounds of a Memory Buffer

Impacted images

Advisories

NIST

CREATED

1 year ago

UPDATED

3 months ago

ADVISORY IDCVE-2025-2148⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-119⁠

CVSS SCORE

2.3low

Debian

CREATED

1 year ago

UPDATED

22 days ago

ADVISORY IDCVE-2025-2148⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

1 year ago

UPDATED

4 months ago

ADVISORY IDCVE-2025-2148⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5medium

PypA

CREATED

1 year ago

UPDATED

16 hours ago

ADVISORY ID

PYSEC-2025-189

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

Bitnami

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY ID

BIT-pytorch-2025-2148

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

2.3low