CVE-2025-2149 — Improper Initialization in Pytorch

CWE-665 — Improper Initialization4 documents4 sources

Severity

2.0LOWNVD

EPSS

0.1%

top 84.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linuxfoundation Pytorch Debian Pytorch

Timeline

PublishedMar 10

Description

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5linuxfoundation/pytorch2.6.0+cu124

▶NVDlinuxfoundation/pytorch2.6.0

▶debiandebian/pytorch

🔴Vulnerability Details

OSV

CVE-2025-2149: A vulnerability was found in PyTorch 2↗2025-03-10

▶

GHSA

GHSA-x3gm-94wq-g975: A vulnerability was found in PyTorch 2↗2025-03-10

▶

📋Vendor Advisories

Debian

CVE-2025-2149: pytorch - A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problemat...↗2025

▶