AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-2998: A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the func

mediumvulnerability

security

Source: NVD/CVE DatabaseMarch 31, 2025CVE-2025-2998

Summary

PyTorch 2.6.0 contains a critical vulnerability (CVE-2025-2998) in the torch.nn.utils.rnn.pad_packed_sequence function that causes memory corruption (a situation where data in a program's memory is accidentally overwritten or damaged). An attacker with local access (ability to run code on the same machine) can exploit this flaw, and the vulnerability details have been publicly disclosed.

Vulnerability Details

CVSS Score

5.3(medium)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack SophisticationModerate

Impact (CIA+S)

integrityavailability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-119

CAPEC (Attack Pattern)

CAPEC-100

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-2998

First tracked: February 15, 2026 at 08:37 PM

Classified by LLM (prompt v3) · confidence: 92%