AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-2148: A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is th

mediumvulnerability

security

Source: NVD/CVE DatabaseMarch 10, 2025CVE-2025-2148

Summary

A critical vulnerability (CVE-2025-2148) was found in PyTorch 2.6.0+cu124 in a function called torch.ops.profiler._call_end_callbacks_on_jit_fut that handles tuples (groups of related data). When the function receives a None argument (a placeholder for "no value"), it causes memory corruption (where data stored in memory gets damaged or overwritten), and the attack can be launched remotely. However, the exploit is difficult to carry out and requires user interaction.

Vulnerability Details

CVSS Score

5(medium)

EPSS (30-day exploit probability)

EPSS: 0.2%

Classification

Attack SophisticationAdvanced

Impact (CIA+S)

integrityconfidentiality

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-119

CAPEC (Attack Pattern)

CAPEC-100

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-2148

First tracked: February 15, 2026 at 08:37 PM

Classified by LLM (prompt v3) · confidence: 85%