CVE-2023-25672: TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle
Summary
TensorFlow, an open source platform for machine learning, has a bug in the `tf.raw_ops.LookupTableImportV2` function where it cannot properly handle scalar values (single values, not arrays) in the `values` parameter, causing an NPE (null pointer exception, when the program tries to use a value that doesn't exist). This is a type of vulnerability called NULL Pointer Dereference (CWE-476).
Solution / Mitigation
A fix is included in TensorFlow version 2.12.0 and version 2.11.1. Users can also reference the patch at https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69.
Vulnerability Details
7.5(high)
EPSS: 0.1%
Classification
Taxonomy References
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-25672
First tracked: February 15, 2026 at 08:42 PM
Classified by LLM (prompt v3) · confidence: 95%