CVE-2025-2148

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.

CVSS v3 5.0 MEDIUM
CVSS v2.0 5.1 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

5.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/pytorch/pytorch/issues/147722	Issue Tracking
https://vuldb.com/?ctiid.299059	Permissions Required VDB Entry
https://vuldb.com/?id.299059	Third Party Advisory VDB Entry
https://vuldb.com/?submit.505959	Third Party Advisory VDB Entry
https://github.com/pytorch/pytorch/issues/147722	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:pytorch:pytorch:2.6.0\+cu124:*:*:*:*:*:*:*

History

23 Jun 2025, 18:47

Type	Values Removed	Values Added
First Time		Pytorch Pytorch pytorch
CPE		cpe:2.3:a:pytorch:pytorch:2.6.0\+cu124:::::::*
Summary		(es) Se ha encontrado una vulnerabilidad en PyTorch 2.6.0+cu124. Se ha declarado como crítica. Esta vulnerabilidad afecta a la función Torch.ops.profiler._call_end_callbacks_on_jit_fut del componente Tuple Handler. La manipulación del argumento None provoca la corrupción de la memoria. El ataque se puede lanzar de forma remota. Es un ataque de complejidad bastante alta. Parece difícil de explotar.
References	~~() https://github.com/pytorch/pytorch/issues/147722 -~~	() https://github.com/pytorch/pytorch/issues/147722 - Issue Tracking
References	~~() https://vuldb.com/?ctiid.299059 -~~	() https://vuldb.com/?ctiid.299059 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.299059 -~~	() https://vuldb.com/?id.299059 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.505959 -~~	() https://vuldb.com/?submit.505959 - Third Party Advisory, VDB Entry

10 Mar 2025, 14:15

Type	Values Removed	Values Added
References	~~() https://github.com/pytorch/pytorch/issues/147722 -~~	() https://github.com/pytorch/pytorch/issues/147722 -

10 Mar 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-10 12:15

Updated : 2025-06-23 18:47

NVD link : CVE-2025-2148

Mitre link : CVE-2025-2148

CVE.ORG link : CVE-2025-2148

JSON object : View

Products Affected

pytorch

pytorch

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

5.0 /10