Medium severity5.0NVD Advisory· Published Mar 10, 2025· Updated Jun 17, 2026
CVE-2025-2148
CVE-2025-2148
Description
A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
torchPyPI | <= 2.6.0 | — |
Affected products
4- osv-coords2 versions
>= 2.6.0, < 2.7.0+ 1 more
- (no CPE)range: >= 2.6.0, < 2.7.0
- (no CPE)range: <= 2.6.0
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-c678-jfcj-6jmfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-2148ghsaADVISORY
- vuldb.comnvdThird Party AdvisoryVDB EntryWEB
- vuldb.comnvdThird Party AdvisoryVDB EntryWEB
- github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-189.yamlghsaWEB
- github.com/pytorch/pytorch/blob/b0a67c7495bb11ecb23e556058db059ba48354af/torch/autograd/profiler.pyghsaWEB
- github.com/pytorch/pytorch/issues/147722nvdIssue TrackingWEB
- vuldb.comnvdPermissions RequiredVDB EntryWEB
News mentions
0No linked articles in our index yet.