AI Sec Watch

CVE-2025-31843 is a missing authorization vulnerability (a security flaw where the software fails to properly check if a user has permission to perform an action) in the Wilson OpenAI Tools plugin for WordPress and WooCommerce that affects versions up to 2.1.5. The vulnerability allows attackers to exploit incorrectly configured access controls, meaning they can perform actions they shouldn't be allowed to do.

PyTorch 2.6.0 contains a critical vulnerability (CVE-2025-3001) in the torch.lstm_cell function that causes memory corruption (damage to data stored in a computer's memory) through local manipulation. The vulnerability requires local access to exploit and has been publicly disclosed.

A critical vulnerability (CVE-2025-3000) was found in PyTorch 2.6.0 affecting the torch.jit.script function, which causes memory corruption (damage to data stored in a computer's RAM). The vulnerability can be exploited locally (by someone with access to the same machine) and has already been publicly disclosed, making it a known risk.

CVE-2025-2999 is a critical vulnerability in PyTorch 2.6.0 affecting the torch.nn.utils.rnn.unpack_sequence function, which causes memory corruption (unsafe access to computer memory). An attacker must have local access (ability to run code on the same machine) to exploit this bug, and the vulnerability has already been made public.

PyTorch 2.6.0 contains a critical vulnerability (CVE-2025-2998) in the torch.nn.utils.rnn.pad_packed_sequence function that causes memory corruption (a situation where data in a program's memory is accidentally overwritten or damaged). An attacker with local access (ability to run code on the same machine) can exploit this flaw, and the vulnerability details have been publicly disclosed.

Three major AI companies (OpenAI, Google, and Anthropic) submitted public comments to the U.S. government's request for input on developing an 'AI Action Plan' in response to President Trump's executive order. The companies largely advocated for increased government investment in AI infrastructure and public-private partnerships, though they framed their arguments differently, with OpenAI notably avoiding the term 'AI safety' in its response despite previous public emphasis on the topic.

A vulnerability in PyTorch 2.6.0+cu124 affects the torch.mkldnn_max_pool2d function, a component used for processing image data. The vulnerability can cause a denial of service (making a system unavailable), but requires local access to the machine. The vulnerability's real existence is still disputed.

Mesop is a Python-based UI framework for building web applications that has a class pollution vulnerability (a flaw allowing attackers to modify global variables and class attributes at runtime, similar to prototype pollution in JavaScript) in versions before 0.14.1. This vulnerability could cause denial of service attacks (making a service unavailable), identity confusion where attackers impersonate system roles, jailbreak attacks against LLMs (large language models, AI systems that generate text), or potentially remote code execution (running unauthorized commands on a server) depending on how the application is built.

OWASP (Open Worldwide Application Security Project, a nonprofit that helps organizations secure their software) has renamed and promoted its OWASP Top 10 for LLM (large language model, an AI trained on massive amounts of text data) project to the OWASP Gen AI Security Project, expanding its focus from just listing AI vulnerabilities to providing broader guidance on governance, risk management, and compliance for generative AI systems. The project now includes over 600 experts from 18 countries and has published new resources like the Agentic AI Threats and Mitigations Guide (addressing security risks in autonomous AI systems) along with translations in six additional languages.