CVE-2025-2149 — LOW (CVSS 2.5) AI Security Vulnerability

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
pytorch	pip	—	No patch

Do you use pytorch? You're affected.

Severity & Risk

CVSS 3.1

2.5 / 10

EPSS

N/A

KEV Status

Not in KEV

Sophistication

N/A

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Weaknesses (CWE)

CWE-665

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

References

github.com/pytorch/pytorch/issues/147818
Issue
github.com/pytorch/pytorch/issues/147818
Issue
github.com/pytorch/pytorch/issues/147818
Issue
github.com/pytorch/pytorch/issues/147818
Issue
vuldb.com
Permissions Required VDB
vuldb.com
3rd Party VDB
vuldb.com
Exploit 3rd Party VDB

Timeline

Published

March 10, 2025

Last Modified

February 24, 2026

First Seen

March 10, 2025