CVE-2023-25674: TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in
highvulnerability
security
Summary
TensorFlow, an open source machine learning platform, has a null pointer error (a crash caused by the program trying to access memory that doesn't exist) in its RandomShuffle function when XLA (a compiler for machine learning) is enabled in versions before 2.12.0 and 2.11.1. This vulnerability has been assigned CVE-2023-25674.
Solution / Mitigation
Update TensorFlow to version 2.12.0 or 2.11.1, which include the fix for this null pointer error.
Vulnerability Details
CVSS Score
7.5(high)
EPSS (30-day exploit probability)
EPSS: 0.3%
Classification
Attack SophisticationModerate
Impact (CIA+S)
availabilityintegrity
AI Component TargetedFramework
Taxonomy References
CWE (Weakness Type)
Affected Vendors
Google
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-25674
First tracked: February 15, 2026 at 08:42 PM
Classified by LLM (prompt v3) · confidence: 95%