CVE-2023-25801: TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool
high
vulnerability
security
Summary
TensorFlow, an open source machine learning platform, had a bug in two pooling functions, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2`. Both require certain parameters to equal 1.0, because pooling on the batch and channel dimensions (the different ways data is organized in the neural network) is not supported. The vulnerability was fixed in TensorFlow versions 2.12.0 and 2.11.1.
Solution / Mitigation
Update to TensorFlow version 2.12.0 or 2.11.1, which include the fix for this vulnerability.
Vulnerability Details
CVSS Score
8 (high)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Sophistication: Moderate
Impact (CIA+S)
integrity, availability
AI Component Targeted: Framework
Taxonomy References
CWE (Weakness Type)
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-25801
First tracked: February 15, 2026 at 08:42 PM
Classified by LLM (prompt v3) · confidence: 92%