opensearch-py-ml

CVE-2025-2999 (Medium) detected in torch-2.5.1-cp39-none-macosx_11_0_arm64.whl

Open mend-for-github-com[bot] opened this issue 7 months ago • 5 comments

CVE-2025-2999 - Medium Severity Vulnerability

Vulnerable Library - torch-2.5.1-cp39-none-macosx_11_0_arm64.whl

Tensors and Dynamic neural networks in Python with strong GPU acceleration

Library home page: https://files.pythonhosted.org/packages/25/07/3548a7cfcf69d0eccec2ee79ee3913f1cdaadb27b36946774db86729ee47/torch-2.5.1-cp39-none-macosx_11_0_arm64.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20250502175959_GFJTEC/python_TAPWTV/20250502180002/torch-2.5.1-cp39-cp39-manylinux1_x86_64.whl

Dependency Hierarchy:

  • :x: torch-2.5.1-cp39-none-macosx_11_0_arm64.whl (Vulnerable Library)

Found in HEAD commit: fca546cb0c3befa8a2ea52909690f598c18df050

Found in base branch: main

Vulnerability Details

A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Publish Date: 2025-03-31

URL: CVE-2025-2999

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low