Fluid Attacks Database

Description

PyTorch: Manipulation of the argument scale/zero_point leads to improper initialization via Quantized Sigmoid Module A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	pytorch	=1.12.0-1 \|\| =1.12.0~rc1-1 \|\| =1.12.1-1 \|\| =1.13.1+dfsg-1 \|\| =1.13.1+dfsg-2 \|\| =1.13.1+dfsg-3 \|\| =1.13.1+dfsg-4 \|\| =1.13.1+dfsg-5 \|\| =1.7.1-7 \|\| =1.7.1-7+deb11u1 \|\| =1.8.1-1 \|\| =1.8.1-2 \|\| =1.8.1-3 \|\| =1.8.1-4 \|\| =1.8.1-5 \|\| =2.0.1+dfsg-1 \|\| =2.0.1+dfsg-1~exp1 \|\| =2.0.1+dfsg-2 \|\| =2.0.1+dfsg-4 \|\| =2.0.1+dfsg-5 \|\| =2.1.2+dfsg-1 \|\| =2.1.2+dfsg-2 \|\| =2.1.2+dfsg-4 \|\| =2.12.0+dfsg2-1 \|\| =2.12.0+dfsg2-1~exp1 \|\| =2.12.0+dfsg2-1~exp2 \|\| =2.12.0+dfsg2-2 \|\| =2.12.0+dfsg2-3 \|\| =2.12.0+dfsg2-4 \|\| =2.4.1-1 \|\| =2.4.1-3 \|\| =2.4.1-4 \|\| =2.5.0+dfsg-1 \|\| =2.5.1+dfsg-1 \|\| =2.5.1+dfsg-3 \|\| =2.5.1+dfsg-4 \|\| =2.6.0+dfsg-1 \|\| =2.6.0+dfsg-1~exp1 \|\| =2.6.0+dfsg-2 \|\| =2.6.0+dfsg-3 \|\| =2.6.0+dfsg-4 \|\| =2.6.0+dfsg-5 \|\| =2.6.0+dfsg-7 \|\| =2.6.0+dfsg-8 \|\| =2.6.0+dfsg-9 \|\| =2.6.0~rc9+dfsg-1~exp1 \|\| =2.9.0+dfsg-1~exp1 \|\| =2.9.0+dfsg-1~exp2 \|\| =2.9.1+dfsg-1~exp1 \|\| =2.9.1+dfsg-1~exp2	-
debian 12	pytorch	=1.13.1+dfsg-4 \|\| =1.13.1+dfsg-5 \|\| =2.0.1+dfsg-1 \|\| =2.0.1+dfsg-1~exp1 \|\| =2.0.1+dfsg-2 \|\| =2.0.1+dfsg-4 \|\| =2.0.1+dfsg-5 \|\| =2.1.2+dfsg-1 \|\| =2.1.2+dfsg-2 \|\| =2.1.2+dfsg-4 \|\| =2.12.0+dfsg2-1 \|\| =2.12.0+dfsg2-1~exp1 \|\| =2.12.0+dfsg2-1~exp2 \|\| =2.12.0+dfsg2-2 \|\| =2.12.0+dfsg2-3 \|\| =2.12.0+dfsg2-4 \|\| =2.4.1-1 \|\| =2.4.1-3 \|\| =2.4.1-4 \|\| =2.5.0+dfsg-1 \|\| =2.5.1+dfsg-1 \|\| =2.5.1+dfsg-3 \|\| =2.5.1+dfsg-4 \|\| =2.6.0+dfsg-1 \|\| =2.6.0+dfsg-1~exp1 \|\| =2.6.0+dfsg-2 \|\| =2.6.0+dfsg-3 \|\| =2.6.0+dfsg-4 \|\| =2.6.0+dfsg-5 \|\| =2.6.0+dfsg-7 \|\| =2.6.0+dfsg-8 \|\| =2.6.0+dfsg-9 \|\| =2.6.0~rc9+dfsg-1~exp1 \|\| =2.9.0+dfsg-1~exp1 \|\| =2.9.0+dfsg-1~exp2 \|\| =2.9.1+dfsg-1~exp1 \|\| =2.9.1+dfsg-1~exp2	-
debian 13	pytorch	=2.12.0+dfsg2-1 \|\| =2.12.0+dfsg2-1~exp1 \|\| =2.12.0+dfsg2-1~exp2 \|\| =2.12.0+dfsg2-2 \|\| =2.12.0+dfsg2-3 \|\| =2.12.0+dfsg2-4 \|\| =2.6.0+dfsg-7 \|\| =2.6.0+dfsg-8 \|\| =2.6.0+dfsg-9 \|\| =2.9.0+dfsg-1~exp1 \|\| =2.9.0+dfsg-1~exp2 \|\| =2.9.1+dfsg-1~exp1 \|\| =2.9.1+dfsg-1~exp2	-
debian 14	pytorch	=2.12.0+dfsg2-1 \|\| =2.12.0+dfsg2-1~exp1 \|\| =2.12.0+dfsg2-1~exp2 \|\| =2.12.0+dfsg2-2 \|\| =2.12.0+dfsg2-3 \|\| =2.12.0+dfsg2-4 \|\| =2.6.0+dfsg-7 \|\| =2.6.0+dfsg-8 \|\| =2.6.0+dfsg-9 \|\| =2.9.0+dfsg-1~exp1 \|\| =2.9.0+dfsg-1~exp2 \|\| =2.9.1+dfsg-1~exp1 \|\| =2.9.1+dfsg-1~exp2	-
pypi	torch	>=0 <=2.6.0	2.7.0

Aliases

1. CVE-2025-21492. NVD-2025-21493. OSV-DEBIAN-2025-21494. OSV-2025-21495. GCVE-2025-21496. SECURITY-TRACKER-CVE-2025-2149

References

1. https://github.com/pytorch/pytorch/issues/1478182. https://github.com/pytorch/pytorch/issues/147818#issue-28773016603. https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-190.yaml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.