Cyber Resilience

CVE-2025-2148

Low

Published: 10 March 2025

Published
10 March 2025
Modified
24 February 2026
KEV Added
Patch
CVSS Score v4 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0008 24.4th percentile
Risk Priority 5 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-2148 is a low-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Linuxfoundation Pytorch. Its CVSS base score is 2.3 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 24.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Deep Learning Frameworks; in the Other ATLAS/OWASP Terms risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-2148 is a critical vulnerability in PyTorch version 2.6.0+cu124, affecting the function torch.ops.profiler._call_end_callbacks_on_jit_fut within the Tuple Handler component. The issue stems from manipulation of the argument None, resulting in memory corruption classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). It carries a CVSS v3.1 base score of 5.0 (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) and was published on 2025-03-10.

Remote attackers with no privileges can exploit this vulnerability, though it requires high attack complexity and user interaction. Successful exploitation leads to limited impacts, including low confidentiality, integrity, and availability effects through memory corruption.

Advisories and further details are available in the referenced sources, including PyTorch GitHub issues at https://github.com/pytorch/pytorch/issues/147722 and VulDB entries at https://vuldb.com/?ctiid.299059, https://vuldb.com/?id.299059, and https://vuldb.com/?submit.505959, which security practitioners should consult for patch information and mitigation guidance.

EU & UK References

Vulnerability details

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be…

more

launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.

CWE(s)

AI Security AnalysisAI

AI Category
Deep Learning Frameworks
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: pytorch

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The remote memory corruption vulnerability (CWE-119) in PyTorch's profiler function causes a segmentation fault/crash upon manipulation with a None argument, enabling application-level denial of service via exploitation.

CVEs Like This One

CVE-2026-24747Same product: Linuxfoundation Pytorch
CVE-2024-24422Same vendor: Linuxfoundation
CVE-2024-24419Same vendor: Linuxfoundation
CVE-2023-37029Same vendor: Linuxfoundation
CVE-2026-33218Same vendor: Linuxfoundation
CVE-2026-37532Same vendor: Linuxfoundation
CVE-2025-68136Same vendor: Linuxfoundation
CVE-2024-24418Same vendor: Linuxfoundation
CVE-2025-68141Same vendor: Linuxfoundation
CVE-2025-68133Same vendor: Linuxfoundation

Affected Assets

linuxfoundation
pytorch
2.6.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 requires timely identification, reporting, testing, and installation of security patches for known flaws like CVE-2025-2148 in PyTorch, directly eliminating the memory corruption vulnerability.

prevent

SI-16 implements memory protection safeguards such as ASLR and DEP that directly mitigate memory corruption exploits from invalid inputs like None in PyTorch's tuple handler.

prevent

SI-10 enforces input validation at system entry points to restrict manipulation of arguments like None passed to vulnerable PyTorch functions, reducing exploitation risk.

References