CVE-2025-3000 Information

Apr 03, 2025 cve

Description

A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Reference

https://github.com/pytorch/pytorch/issues/149623 https://github.com/pytorch/pytorch/issues/149623#issue-2935703015 https://vuldb.com/?ctiid.302049 https://vuldb.com/?id.302049 https://vuldb.com/?submit.524197

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

5.3

Share on: