CVE-2025-3001

EUVD-2025-8856
A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
linuxfoundationpytorch
2.6.0
𝑥
= Vulnerable software versions
Azure Linux logo
Azure Linux Releases
Azure Package
Release
pytorch
Azure Linux 3.0
0:2.2.2-10.azl3
fixed
CBL-Mariner 2.0
0:2.0.0-12.cm2
fixed