CVE-2025-3000
PyTorch is vulnerable to memory corruption through its torch.jit.script function
CVSS 3.1: 5.3 (MEDIUM)
EPSS 0.08%
Description
A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
How to fix CVE-2025-3000
To remediate CVE-2025-3000, upgrade the affected package to a fixed version listed below.
- —upgrade to 2.7.0 or later
- —no fix listed
- —no fix listed
- —no fix listed
Is CVE-2025-3000 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- >= 2.6.0, < 2.7.0
- from 0
- from 0, <= 2.12.0
- from 0, <= 2.6.0-NA
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |