We use cookies to improve your experience on our site.
AVID-2026-R1686
Description
MindSpore mindspore.numpy.fft.rfft2 memory corruption (CVE-2025-3145)
Details
A vulnerability, which was classified as problematic, has been found in MindSpore 2.5.0. Affected by this issue is the function mindspore.numpy.fft.rfft2. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Reason for inclusion in AVID: CVE-2025-3145 affects MindSpore’s ML framework (mindspore.numpy.fft.rfft2), causing memory corruption with a local exploit. This is a software vulnerability in a component used to build/train/deploy AI systems, impacting the AI software stack. It is relevant to software supply chains for general-purpose AI systems.
References
- NVD entry
- https://vuldb.com/?id.303050
- https://vuldb.com/?ctiid.303050
- https://gitee.com/mindspore/mindspore/issues/IBVKM8
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | MindSpore |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| Base Score | 3.3 |
| Base Severity | 🟢 Low |
CWE
| ID | Description |
|---|---|
| CWE-119 | Memory Corruption |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2025-04-03
- Version: 0.3.3
- AVID Entry