We use cookies to improve your experience on our site.
AVID-2026-R1685
Description
MindSpore mindspore.numpy.fft.hfftn memory corruption (CVE-2025-3144)
Details
A vulnerability classified as problematic was found in MindSpore 2.5.0. Affected by this vulnerability is the function mindspore.numpy.fft.hfftn. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Reason for inclusion in AVID: CVE-2025-3144 targets MindSpore (an AI framework) in the function mindspore.numpy.fft.hfftn, causing memory corruption. This is a software vulnerability in a component commonly used in AI model development, training, and execution, with potential local exploitation. It affects the AI software stack, representing a software supply chain issue in AI systems as it concerns dependencies in ML pipelines and runtimes.
References
- NVD entry
- https://vuldb.com/?id.303049
- https://vuldb.com/?ctiid.303049
- https://vuldb.com/?submit.525333
- https://gitee.com/mindspore/mindspore/issues/IBVKM8
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | MindSpore |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| Base Score | 3.3 |
| Base Severity | 🟢 Low |
CWE
| ID | Description |
|---|---|
| CWE-119 | Memory Corruption |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2025-04-03
- Version: 0.3.3
- AVID Entry