We use cookies to improve your experience on our site.
AVID-2026-R1656
Description
PyTorch Tuple torch.ops.profiler._call_end_callbacks_on_jit_fut memory corruption (CVE-2025-2148)
Details
A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.
Reason for inclusion in AVID: CVE-2025-2148 is a vulnerability in PyTorch (an AI framework) impacting a function used in ML workflows. It is a software vulnerability (memory corruption) with remote attack potential and affects software used to build/train/deploy AI systems, hence relevant to the AI software supply chain.
References
- NVD entry
- https://vuldb.com/?id.299059
- https://vuldb.com/?ctiid.299059
- https://vuldb.com/?submit.505959
- https://github.com/pytorch/pytorch/issues/147722
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | PyTorch |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
| Base Score | 5.0 |
| Base Severity | 🟠 Medium |
CWE
| ID | Description |
|---|---|
| CWE-119 | Memory Corruption |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2025-03-10
- Version: 0.3.3
- AVID Entry