aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI & LLM Vulnerabilities

Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.

1454 items

CVE-2025-59829: Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission de
medium | vulnerability | security
Oct 3, 2025

Claude Code versions before 1.0.120 had a security flaw where it could bypass file access restrictions by following symlinks (shortcuts that point to other files). Even if a user blocked Claude Code from accessing a file, the tool could still read it if a symlink pointed to that blocked file.

Fix: Update Claude Code to version 1.0.120 or later. Users with automatic updates enabled will have received this fix automatically; users updating manually should upgrade to the latest version.

Source: NVD/CVE Database

CVE-2025-61593: Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI
high | vulnerability | security
Oct 3, 2025

Cursor, a code editor designed for programming with AI, has a vulnerability in versions 1.7 and below where attackers can use prompt injection (tricking the AI by hiding instructions in its input) to modify sensitive configuration files and achieve remote code execution (RCE, where an attacker runs commands on a system they do not own). This vulnerability is especially dangerous on case-insensitive filesystems (systems that treat uppercase and lowercase letters as the same).

Fix: This issue is fixed in commit 25b418f, but has yet to be released as of October 3, 2025.

Source: NVD/CVE Database

CVE-2025-61592: Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific
high | vulnerability | security
Oct 3, 2025

Cursor, a code editor designed for AI-assisted programming, has a vulnerability in versions 1.7 and below where it automatically loads configuration files from project directories, which attackers can exploit. If a user runs Cursor's command-line tool (CLI) in a malicious repository, an attacker could combine prompt injection (tricking the AI by hiding instructions in its input) with permissive settings to achieve remote code execution (the ability to run commands on the user's system without permission).

Fix: The fix is available as patch 2025.09.17-25b418f. As of October 3, 2025, this patch has not yet been included in an official release version.

Source: NVD/CVE Database

CVE-2025-61591: Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication wit
high | vulnerability | security
Oct 3, 2025

Cursor is a code editor that lets programmers work with AI assistance. In versions 1.7 and below, when using MCP (a system for connecting external tools to AI) with OAuth authentication (a login method), an attacker can trick Cursor into running malicious commands by pretending to be a trusted service, potentially giving them full control of the user's computer.

Fix: A patch is available at version 2025.09.17-25b418f. Users should update to this patched version to fix the vulnerability.

Source: NVD/CVE Database

CVE-2025-61590: Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (R
high | vulnerability | security
Oct 3, 2025

Cursor, a code editor designed for AI-assisted programming, has a critical vulnerability in versions 1.6 and below that allows remote code execution (RCE, where an attacker runs commands on your computer without permission). An attacker who gains control of the AI chat context (such as through a compromised MCP server, a tool that extends the AI's capabilities) can use prompt injection (tricking the AI by hiding malicious instructions in its input) to make Cursor modify workspace configuration files, bypassing an existing security protection and ultimately executing arbitrary code.

Fix: Update to version 1.7, which fixes this issue.

Source: NVD/CVE Database

CVE-2025-61589: Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid (a tool to render diagrams) allows
medium | vulnerability | security
Oct 3, 2025

Cursor, a code editor designed for programming with AI, has a vulnerability in versions 1.6 and below where Mermaid (a tool for rendering diagrams) can embed images that are displayed in the chat box. An attacker can exploit this through prompt injection (tricking the AI by hiding instructions in its input) to send sensitive information to an attacker-controlled server, or a malicious AI model might trigger this automatically.

Fix: This issue is fixed in version 1.7. Users should upgrade to version 1.7 or later.

Source: NVD/CVE Database

CVE-2025-59536: Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the sta
high | vulnerability | security
Oct 3, 2025

Claude Code (an AI tool that writes and runs code automatically) had a security flaw in versions before 1.0.111 where it could execute code from a project before the user confirmed they trusted the project. An attacker could exploit this by tricking a user into opening a malicious project directory.

Fix: Update Claude Code to version 1.0.111 or later. Users with auto-update enabled will have received this fix automatically; users performing manual updates should update to the latest version.

Source: NVD/CVE Database

CVE-2025-59956: AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible
medium | vulnerability | security
Sep 30, 2025

AgentAPI (an HTTP interface for various AI coding assistants) versions 0.3.3 and below are vulnerable to a DNS rebinding attack (where an attacker tricks your browser into connecting to a malicious server that responds like your local machine), allowing unauthorized access to the /messages endpoint. This vulnerability can expose sensitive data stored locally, including API keys, file contents, and code the user was developing.

Fix: This issue is fixed in version 0.4.0.

Source: NVD/CVE Database

CVE-2025-55560: An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse
high | vulnerability | security
Sep 25, 2025

PyTorch version 2.7.0 has a vulnerability (CVE-2025-55560) that causes a Denial of Service (DoS, where a system becomes unavailable or unresponsive) when a model uses specific sparse tensor functions (torch.Tensor.to_sparse() and torch.Tensor.to_dense()) and is compiled by Inductor (PyTorch's code compilation tool). This issue stems from uncontrolled resource consumption, meaning the system uses up too many computing resources.

Source: NVD/CVE Database

CVE-2025-55559: An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.
high | vulnerability | security
Sep 25, 2025

CVE-2025-55559 is a vulnerability in TensorFlow v2.18.0 where setting the padding parameter to 'valid' in tf.keras.layers.Conv2D (a layer used in neural networks for image processing) causes a Denial of Service (DoS, where a system becomes unavailable to users). The vulnerability is classified as uncontrolled resource consumption, meaning the system uses up resources like memory or CPU in an uncontrolled way.

Source: NVD/CVE Database

CVE-2025-55558: A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshr
high | vulnerability | security
Sep 25, 2025

CVE-2025-55558 is a buffer overflow (a memory safety error where data is written beyond the intended boundaries) in PyTorch version 2.7.0 that occurs when certain neural network operations are combined and compiled using Inductor, a code compiler. The vulnerability results in a Denial of Service (making a service unavailable to users), though no CVSS severity score has been assigned yet.

Source: NVD/CVE Database

CVE-2025-55557: A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading
high | vulnerability | security
Sep 25, 2025

PyTorch version 2.7.0 has a bug where a name error occurs when a model uses torch.cummin (a function that finds cumulative minimum values) and is compiled by Inductor (PyTorch's compiler for optimizing code). This causes a Denial of Service (DoS, where a system becomes unavailable to users).

Source: NVD/CVE Database

CVE-2025-55556: TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in t
medium | vulnerability | security
Sep 25, 2025

TensorFlow v2.18.0 has a bug where the Embedding function (a neural network layer that converts words or items into numerical representations) produces random results when compiled, causing applications to behave unexpectedly. The issue is tracked as CVE-2025-55556 and has a severity rating that is still being assessed.

Source: NVD/CVE Database

CVE-2025-55554: pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
medium | vulnerability | security
Sep 25, 2025

PyTorch version 2.8.0 contains an integer overflow vulnerability (a bug where a number gets too large for its storage space and wraps around to an incorrect value) in the torch.nan_to_num function when using the .long() method. The vulnerability is tracked as CVE-2025-55554, though a detailed severity rating has not yet been assigned by NIST.

Source: NVD/CVE Database

CVE-2025-55553: A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
high | vulnerability | security
Sep 25, 2025

CVE-2025-55553 is a syntax error in the proxy_tensor.py file of PyTorch version 2.7.0 that allows attackers to cause a Denial of Service (DoS, a type of attack where a system becomes unavailable to legitimate users). The vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 4.0, indicating moderate severity.

Source: NVD/CVE Database

CVE-2025-55552: pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are us
high | vulnerability | security
Sep 25, 2025

PyTorch v2.8.0 has a vulnerability (CVE-2025-55552) where two functions, torch.rot90 (which rotates arrays) and torch.randn_like (which generates random numbers matching a given shape), behave unexpectedly when used together, possibly due to integer overflow or wraparound (where numbers wrap around to negative values instead of staying large).

Source: NVD/CVE Database

CVE-2025-55551: An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when per
high | vulnerability | security
Sep 25, 2025

A vulnerability (CVE-2025-55551) exists in PyTorch version 2.8.0 in a math component called torch.linalg.lu that allows attackers to cause a Denial of Service (DoS, where a system becomes unavailable to users) by performing a slice operation (extracting a portion of data). The issue involves uncontrolled resource consumption (CWE-400, where a program uses too much memory or processing power without limits).

Source: NVD/CVE Database

CVE-2025-46153: PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency wit
medium | vulnerability | security
Sep 25, 2025

PyTorch versions before 3.7.0 have a bug in the bernoulli_p decompose function (a mathematical operation used in the dropout layers) that does not behave the same way as the main CPU implementation, causing problems with nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d when fallback_random=True (a setting that uses random number generation as a backup method).

Source: NVD/CVE Database

CVE-2025-46152: In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" a
medium | vulnerability | security
Sep 25, 2025

CVE-2025-46152 is a bug in PyTorch (a machine learning library) versions before 2.7.0 where the bitwise_right_shift function (which moves binary digits to the right) produces wrong answers when given certain out-of-bounds values. This is classified as an out-of-bounds write vulnerability (CWE-787, where a program writes data outside its intended memory area).

Fix: Upgrade PyTorch to version 2.7.0 or later.

Source: NVD/CVE Database

CVE-2025-46150: In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.
medium | vulnerability | security
Sep 25, 2025

CVE-2025-46150 is a bug in PyTorch (a machine learning framework) versions before 2.7.0 where FractionalMaxPool2d (a function that reduces image dimensions) produces inconsistent results when torch.compile (a performance optimization tool) is used. The function gives different outputs under the same conditions, which is problematic for machine learning models that need reproducible, reliable results.

Fix: Upgrade to PyTorch version 2.7.0 or later.

Source: NVD/CVE Database

Page 22 of 73