AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-2999: A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.

mediumvulnerability

security

Source: NVD/CVE DatabaseMarch 31, 2025CVE-2025-2999

Summary

CVE-2025-2999 is a critical vulnerability in PyTorch 2.6.0 affecting the torch.nn.utils.rnn.unpack_sequence function, which causes memory corruption (unsafe access to computer memory). An attacker must have local access (ability to run code on the same machine) to exploit this bug, and the vulnerability has already been made public.

Vulnerability Details

CVSS Score

5.3(medium)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack SophisticationModerate

Impact (CIA+S)

integrityavailability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-119

CAPEC (Attack Pattern)

CAPEC-100

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-2999

First tracked: February 15, 2026 at 08:37 PM

Classified by LLM (prompt v3) · confidence: 92%