CVE-2025-3000: PyTorch is vulnerable to memory corruption through its torch.jit.script function
(updated )
A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
References
- github.com/advisories/GHSA-rrmf-rvhw-rf47
- github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-194.yaml
- github.com/pytorch/pytorch/issues/149623
- github.com/pytorch/pytorch/issues/149623
- nvd.nist.gov/vuln/detail/CVE-2025-3000
- vuldb.com/?ctiid.302049
- vuldb.com/?id.302049
- vuldb.com/?submit.524197
Code Behaviors & Features
Detect and mitigate CVE-2025-3000 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →