CVE-2025-2999

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-2999
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-2999.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-2999
Aliases
Related
Published
2025-03-31T15:15:44Z
Modified
2025-05-30T06:44:26.655886Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
[none]
Details

A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

References

Affected packages

Debian:11 / pytorch

Package

Name
pytorch
Purl
pkg:deb/debian/pytorch?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.1-7
1.8.1-1
1.8.1-2
1.8.1-3
1.8.1-4
1.8.1-5
1.12.0~rc1-1
1.12.0-1
1.12.1-1
1.13.1+dfsg-1
1.13.1+dfsg-2
1.13.1+dfsg-3
1.13.1+dfsg-4
1.13.1+dfsg-5

2.*

2.0.1+dfsg-1~exp1
2.0.1+dfsg-1
2.0.1+dfsg-2
2.0.1+dfsg-4
2.0.1+dfsg-5
2.1.2+dfsg-1
2.1.2+dfsg-2
2.1.2+dfsg-4
2.4.1-1
2.4.1-3
2.4.1-4
2.5.0+dfsg-1
2.5.1+dfsg-1
2.5.1+dfsg-3
2.5.1+dfsg-4
2.6.0~rc9+dfsg-1~exp1
2.6.0+dfsg-1~exp1
2.6.0+dfsg-1
2.6.0+dfsg-2
2.6.0+dfsg-3
2.6.0+dfsg-4
2.6.0+dfsg-5
2.6.0+dfsg-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / pytorch

Package

Name
pytorch
Purl
pkg:deb/debian/pytorch?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.13.1+dfsg-4
1.13.1+dfsg-5

2.*

2.0.1+dfsg-1~exp1
2.0.1+dfsg-1
2.0.1+dfsg-2
2.0.1+dfsg-4
2.0.1+dfsg-5
2.1.2+dfsg-1
2.1.2+dfsg-2
2.1.2+dfsg-4
2.4.1-1
2.4.1-3
2.4.1-4
2.5.0+dfsg-1
2.5.1+dfsg-1
2.5.1+dfsg-3
2.5.1+dfsg-4
2.6.0~rc9+dfsg-1~exp1
2.6.0+dfsg-1~exp1
2.6.0+dfsg-1
2.6.0+dfsg-2
2.6.0+dfsg-3
2.6.0+dfsg-4
2.6.0+dfsg-5
2.6.0+dfsg-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / pytorch

Package

Name
pytorch
Purl
pkg:deb/debian/pytorch?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.13.1+dfsg-4
1.13.1+dfsg-5

2.*

2.0.1+dfsg-1~exp1
2.0.1+dfsg-1
2.0.1+dfsg-2
2.0.1+dfsg-4
2.0.1+dfsg-5
2.1.2+dfsg-1
2.1.2+dfsg-2
2.1.2+dfsg-4
2.4.1-1
2.4.1-3
2.4.1-4
2.5.0+dfsg-1
2.5.1+dfsg-1
2.5.1+dfsg-3
2.5.1+dfsg-4
2.6.0~rc9+dfsg-1~exp1
2.6.0+dfsg-1~exp1
2.6.0+dfsg-1
2.6.0+dfsg-2
2.6.0+dfsg-3
2.6.0+dfsg-4
2.6.0+dfsg-5
2.6.0+dfsg-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/pytorch/pytorch

Affected ranges

Type
GIT
Repo
https://github.com/pytorch/pytorch
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Other

bc2caa7fdf006894eff7af936babde69ab5a40f8-huydhn-debug
ciflow/inductor/3b9a386
ciflow/inductor/3d4b92b
ciflow/inductor/d224ac7
ciflow/periodic/054a2fd
ciflow/periodic/2a6d37d
ciflow/periodic/317eeb8
ciflow/periodic/3c32
ciflow/periodic/3e98831
ciflow/periodic/94512-point
ciflow/periodic/csl/test87519
ciflow/periodic/csltest88275
ciflow/periodic/csltest88761
ciflow/periodic/sha-ec5b83
ciflow/slow/01c7106
ciflow/slow/0577043
ciflow/slow/0d5b74da0cab798fbfdb9caa53fad816999c8386-sdym
ciflow/slow/0e81104
ciflow/slow/1732077
ciflow/slow/187eb7c
ciflow/slow/1faef89
ciflow/slow/3920ec1
ciflow/slow/3b7c6b2
ciflow/slow/59a3759
ciflow/slow/70ef0bb
ciflow/slow/788ff06
ciflow/slow/8751002215790a3a88750faa8f4366933e296693-sdym
ciflow/slow/9d85864
ciflow/slow/9ffad5b
ciflow/slow/a206e8b
ciflow/slow/a837609
ciflow/slow/af841f3
ciflow/slow/da3aba1e46157c4df504b067477cdf2b3c96b194-sdym
ciflow/unstable/123
cslpull75
cslpull76
cslpull77
cslpull78
cslpull79
cslpull80
cslpull81
cslpull82
cslpull83
cslpull84
cslpull85
cslpull86
cslpull87
cslpull88
cslpull89
cslpull90
cslpull91
cslpull92
forpull1
malfet/tag-2ef5611
malfet/tag-317b1a0
malfet/tag-ec6f767
nightly-binary

v0.*

v0.1.1
v0.1.10
v0.1.11
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9

v1.*

v1.0.0a0
v1.0rc0
v1.0rc1
v1.1.0a0
v1.2.0a0
v1.3.0a0
v1.4.0a0
v1.8.0-rc1

v2.*

v2.6.0
v2.6.0-rc1
v2.6.0-rc2
v2.6.0-rc3
v2.6.0-rc5
v2.6.0-rc6
v2.6.0-rc7
v2.6.0-rc8
v2.6.0-rc9