CVE-2025-2999

EUVD-2025-8755
A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
5.3 MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
linuxfoundationpytorch
2.6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/pytorch/pytorch/issues/149622
https://github.com/pytorch/pytorch/issues/149622#issue-2935495265
https://vuldb.com/?ctiid.302048
https://vuldb.com/?id.302048
https://vuldb.com/?submit.524198