Fluid Attacks Database

Description

A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 11	pytorch	=1.12.0-1 \|\| =1.12.0~rc1-1 \|\| =1.12.1-1 \|\| =1.13.1+dfsg-1 \|\| =1.13.1+dfsg-2 \|\| =1.13.1+dfsg-3 \|\| =1.13.1+dfsg-4 \|\| =1.13.1+dfsg-5 \|\| =1.7.1-7 \|\| =1.7.1-7+deb11u1 \|\| =1.8.1-1 \|\| =1.8.1-2 \|\| =1.8.1-3 \|\| =1.8.1-4 \|\| =1.8.1-5 \|\| =2.0.1+dfsg-1 \|\| =2.0.1+dfsg-1~exp1 \|\| =2.0.1+dfsg-2 \|\| =2.0.1+dfsg-4 \|\| =2.0.1+dfsg-5 \|\| =2.1.2+dfsg-1 \|\| =2.1.2+dfsg-2 \|\| =2.1.2+dfsg-4 \|\| =2.12.0+dfsg2-1 \|\| =2.12.0+dfsg2-1~exp1 \|\| =2.12.0+dfsg2-1~exp2 \|\| =2.12.0+dfsg2-2 \|\| =2.12.0+dfsg2-3 \|\| =2.12.0+dfsg2-4 \|\| =2.4.1-1 \|\| =2.4.1-3 \|\| =2.4.1-4 \|\| =2.5.0+dfsg-1 \|\| =2.5.1+dfsg-1 \|\| =2.5.1+dfsg-3 \|\| =2.5.1+dfsg-4 \|\| =2.6.0+dfsg-1 \|\| =2.6.0+dfsg-1~exp1 \|\| =2.6.0+dfsg-2 \|\| =2.6.0+dfsg-3 \|\| =2.6.0+dfsg-4 \|\| =2.6.0+dfsg-5 \|\| =2.6.0+dfsg-7 \|\| =2.6.0+dfsg-8 \|\| =2.6.0+dfsg-9 \|\| =2.6.0~rc9+dfsg-1~exp1 \|\| =2.9.0+dfsg-1~exp1 \|\| =2.9.0+dfsg-1~exp2 \|\| =2.9.1+dfsg-1~exp1 \|\| =2.9.1+dfsg-1~exp2
debian 12	pytorch	=1.13.1+dfsg-4 \|\| =1.13.1+dfsg-5 \|\| =2.0.1+dfsg-1 \|\| =2.0.1+dfsg-1~exp1 \|\| =2.0.1+dfsg-2 \|\| =2.0.1+dfsg-4 \|\| =2.0.1+dfsg-5 \|\| =2.1.2+dfsg-1 \|\| =2.1.2+dfsg-2 \|\| =2.1.2+dfsg-4 \|\| =2.12.0+dfsg2-1 \|\| =2.12.0+dfsg2-1~exp1 \|\| =2.12.0+dfsg2-1~exp2 \|\| =2.12.0+dfsg2-2 \|\| =2.12.0+dfsg2-3 \|\| =2.12.0+dfsg2-4 \|\| =2.4.1-1 \|\| =2.4.1-3 \|\| =2.4.1-4 \|\| =2.5.0+dfsg-1 \|\| =2.5.1+dfsg-1 \|\| =2.5.1+dfsg-3 \|\| =2.5.1+dfsg-4 \|\| =2.6.0+dfsg-1 \|\| =2.6.0+dfsg-1~exp1 \|\| =2.6.0+dfsg-2 \|\| =2.6.0+dfsg-3 \|\| =2.6.0+dfsg-4 \|\| =2.6.0+dfsg-5 \|\| =2.6.0+dfsg-7 \|\| =2.6.0+dfsg-8 \|\| =2.6.0+dfsg-9 \|\| =2.6.0~rc9+dfsg-1~exp1 \|\| =2.9.0+dfsg-1~exp1 \|\| =2.9.0+dfsg-1~exp2 \|\| =2.9.1+dfsg-1~exp1 \|\| =2.9.1+dfsg-1~exp2
debian 13	pytorch	=2.12.0+dfsg2-1 \|\| =2.12.0+dfsg2-1~exp1 \|\| =2.12.0+dfsg2-1~exp2 \|\| =2.12.0+dfsg2-2 \|\| =2.12.0+dfsg2-3 \|\| =2.12.0+dfsg2-4 \|\| =2.6.0+dfsg-7 \|\| =2.6.0+dfsg-8 \|\| =2.6.0+dfsg-9 \|\| =2.9.0+dfsg-1~exp1 \|\| =2.9.0+dfsg-1~exp2 \|\| =2.9.1+dfsg-1~exp1 \|\| =2.9.1+dfsg-1~exp2
debian 14	pytorch	=2.12.0+dfsg2-1 \|\| =2.12.0+dfsg2-1~exp1 \|\| =2.12.0+dfsg2-1~exp2 \|\| =2.12.0+dfsg2-2 \|\| =2.12.0+dfsg2-3 \|\| =2.12.0+dfsg2-4 \|\| =2.6.0+dfsg-7 \|\| =2.6.0+dfsg-8 \|\| =2.6.0+dfsg-9 \|\| =2.9.0+dfsg-1~exp1 \|\| =2.9.0+dfsg-1~exp2 \|\| =2.9.1+dfsg-1~exp1 \|\| =2.9.1+dfsg-1~exp2
pypi	torch	>=0 <=2.6.0-na

Aliases

1. CVE-2025-31212. NVD-2025-31213. OSV-DEBIAN-2025-31214. OSV-2025-31215. OSV-PYSEC-2025-1966. GCVE-2025-31217. SECURITY-TRACKER-CVE-2025-3121

References

1. https://github.com/pytorch/pytorch/issues/1498002. https://github.com/pytorch/pytorch/issues/149800#issue-2940240700

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.