CVE-2025-2148
Published: 10 March 2025
Summary
CVE-2025-2148 is a low-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Linuxfoundation Pytorch. Its CVSS base score is 2.3 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 24.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Deep Learning Frameworks; in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-2148 is a critical vulnerability in PyTorch version 2.6.0+cu124, affecting the function torch.ops.profiler._call_end_callbacks_on_jit_fut within the Tuple Handler component. The issue stems from manipulation of the argument None, resulting in memory corruption classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). It carries a CVSS v3.1 base score of 5.0 (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) and was published on 2025-03-10.
Remote attackers with no privileges can exploit this vulnerability, though it requires high attack complexity and user interaction. Successful exploitation leads to limited impacts, including low confidentiality, integrity, and availability effects through memory corruption.
Advisories and further details are available in the referenced sources, including PyTorch GitHub issues at https://github.com/pytorch/pytorch/issues/147722 and VulDB entries at https://vuldb.com/?ctiid.299059, https://vuldb.com/?id.299059, and https://vuldb.com/?submit.505959, which security practitioners should consult for patch information and mitigation guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7522
Vulnerability details
A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be…
more
launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Deep Learning Frameworks
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: pytorch
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The remote memory corruption vulnerability (CWE-119) in PyTorch's profiler function causes a segmentation fault/crash upon manipulation with a None argument, enabling application-level denial of service via exploitation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SI-2 requires timely identification, reporting, testing, and installation of security patches for known flaws like CVE-2025-2148 in PyTorch, directly eliminating the memory corruption vulnerability.
SI-16 implements memory protection safeguards such as ASLR and DEP that directly mitigate memory corruption exploits from invalid inputs like None in PyTorch's tuple handler.
SI-10 enforces input validation at system entry points to restrict manipulation of arguments like None passed to vulnerable PyTorch functions, reducing exploitation risk.