CVE-2025-2148 in PyTorch

Summary

by MITRE • 03/10/2025

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.


Analysis

by VulDB Data Team • 06/23/2025

This critical vulnerability in PyTorch 2.6.0+cu124 resides within the torch.ops.profiler._call_end_callbacks_on_jit_fut function, specifically within the Tuple Handler component. The flaw manifests when the function receives a None argument, which triggers memory corruption conditions that can be exploited remotely. The vulnerability represents a sophisticated attack vector that requires significant technical expertise to exploit effectively, with the attack complexity rated as high and exploitation difficulty as substantial. This designation indicates that while the vulnerability is severe, it does not represent an easily weaponized threat that could be exploited by automated tools or casual attackers.

The technical implementation of this vulnerability involves improper handling of null or None values within the profiler's callback mechanism during JIT compilation phases. When the _call_end_callbacks_on_jit_fut function processes a None argument, it fails to validate the input properly, leading to undefined behavior that can result in memory corruption. This type of vulnerability falls under CWE-476, which describes NULL Pointer Dereference, though the specific manifestation in this context creates more severe memory corruption effects than a simple pointer dereference failure. The memory corruption can potentially lead to arbitrary code execution, information disclosure, or system instability, depending on the execution context and attack vector used.

The operational impact of this vulnerability extends beyond simple code execution as it affects the core profiling infrastructure of PyTorch, which is extensively used in machine learning model development and deployment environments. Remote exploitation capabilities mean that attackers could potentially compromise systems running PyTorch applications without physical access, making this particularly dangerous in cloud environments, containerized applications, or distributed computing scenarios. The vulnerability affects not just individual developers but entire organizations relying on PyTorch for their machine learning workloads, potentially exposing sensitive training data, model parameters, and infrastructure components to unauthorized access.

Organizations using PyTorch 2.6.0+cu124 should implement immediate mitigation strategies including upgrading to patched versions of PyTorch, applying runtime restrictions on profiling functions, and implementing network segmentation to limit exposure. The ATT&CK framework categorizes this vulnerability under T1203 Exploitation for Client Execution and potentially T1059 Command and Scripting Interpreter if exploitation leads to command execution. System administrators should monitor for unusual profiling activity, implement input validation for all PyTorch profiler functions, and consider using application whitelisting to prevent unauthorized execution of vulnerable code paths. Additionally, organizations should conduct thorough security assessments of their machine learning pipelines to identify other potential attack vectors that may interact with this vulnerability.
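The upgrade advice above starts with knowing where the affected build is pinned. The following added example (not VulDB's or PyTorch's own code) scans `pip freeze` output or requirements lines for the version named on this page. The function names and sample lines are constructed, and flagging other 2.6.0 builds for review is an assumption, since the page names only the cu124 build.

```python
import re
from urllib.parse import unquote

# Affected build exactly as named on this page. The page gives no fixed
# version, so the scan reports matches and does not propose a target.
AFFECTED_PUBLIC, AFFECTED_LOCAL = "2.6.0", "cu124"

# `name==version` pins, as in `pip freeze` output or requirements files.
PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")
# Wheel file names in direct references (the '+' is often encoded as %2B).
WHEEL = re.compile(r"(?:^|[/\s])([A-Za-z0-9_.]+)-(\d[^-\s/]*)-[^/\s]*\.whl")

def classify(version):
    """Return 'affected', 'review' or 'other' for a torch version string."""
    public, _, local = version.partition("+")
    if public != AFFECTED_PUBLIC:
        return "other"
    # Assumption: the same release with a different or missing build tag is
    # not covered by the page either way, so it is flagged for manual review.
    return "affected" if local.lower() == AFFECTED_LOCAL else "review"

def scan(lines):
    """Return (line_no, version, verdict) for every flagged torch pin."""
    findings = []
    for no, line in enumerate(lines, 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out pins are not installed
        m = PIN.match(line) or WHEEL.search(line)
        # PEP 503 name normalization, so 'Torch' matches 'torch' while
        # torchvision, torchaudio etc. stay separate projects.
        if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "torch":
            continue
        version = unquote(m.group(2))
        verdict = classify(version)
        if verdict != "other":
            findings.append((no, version, verdict))
    return findings

# Constructed sample input (not taken from any real environment).
SAMPLE = """\
torch==2.6.0+cu124
torchvision==0.21.0+cu124
Torch == 2.6.0
# torch==2.6.0+cu124
torch @ https://example.invalid/whl/torch-2.6.0%2Bcu124-cp311-cp311-linux_x86_64.whl
torch==2.5.1+cu124
""".splitlines()

if __name__ == "__main__":
    print(scan(SAMPLE))
```

To check a live environment, pass the lines of `pip freeze` output to `scan` in place of `SAMPLE`.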

Responsible: VulDB

Disclosure: 03/10/2025

Moderation: accepted

CPE: ready

EPSS: 0.00084

KEV: no

Activities: very low
