CVE-2023-25668: TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can acc
Summary
TensorFlow (an open-source machine learning platform) versions before 2.12.0 and 2.11.1 have a vulnerability that allows attackers to access heap memory (the part of a computer's memory used for dynamic storage) that should not be accessible, potentially causing the program to crash or allowing remote code execution (running commands on a system remotely without authorization). The cause is a heap-based buffer overflow together with out-of-bounds read errors (reading data from memory locations outside the intended boundaries).
Solution / Mitigation
The fix will be included in TensorFlow version 2.12.0 and will also be cherry-picked (selectively applied) to TensorFlow version 2.11.1.
Vulnerability Details
9.8 (critical)
EPSS: 1.7%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-25668
First tracked: February 15, 2026 at 08:42 PM