What is GHSA-qfhq-4f3w-5fph?

GHSA-qfhq-4f3w-5fph is a security advisory published by GitHub Security Advisories with Low severity. PyTorch is vulnerable to memory corruption through its torch.lstm_cell function

Which CVE IDs does GHSA-qfhq-4f3w-5fph cover?

GHSA-qfhq-4f3w-5fph covers the following CVE IDs: CVE-2025-3001. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-qfhq-4f3w-5fph?

GHSA-qfhq-4f3w-5fph has a CVSS v3 base score of 5.3, published by GitHub Security Advisories.

Which products are affected by GHSA-qfhq-4f3w-5fph?

GHSA-qfhq-4f3w-5fph affects 1 product, including: pip/torch:\u003c 2.10.0.

GHSA-qfhq-4f3w-5fphLowCVSS 5.3

PyTorch is vulnerable to memory corruption through its torch.lstm_cell function

Vendor

GitHub Security Advisories

Published

March 31, 2025

Last Modified

June 10, 2026

🔗 CVE IDs covered (1)

CVE-2025-3001 →

📋 Description

A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

A patch is available through commit 999d94b.

🎯 Affected products1

pip/torch:< 2.10.0

🔗 References (9)

https://nvd.nist.gov/vuln/detail/CVE-2025-3001
https://github.com/pytorch/pytorch/issues/149626
https://github.com/pytorch/pytorch/issues/149626#issue-2935860995
https://vuldb.com/?ctiid.302050
https://vuldb.com/?id.302050
https://vuldb.com/?submit.524212
https://github.com/pytorch/pytorch/commit/999d94b5ede5f4ec111ba7dd144129e2c2725b03
https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-195.yaml
https://github.com/advisories/GHSA-qfhq-4f3w-5fph