What is GHSA-vgrw-7cvw-pwgx?

GHSA-vgrw-7cvw-pwgx is a security advisory published by GitHub Security Advisories with Medium severity. PyTorch is vulnerable to memory corruption through its unpack_sequence function

Which CVE IDs does GHSA-vgrw-7cvw-pwgx cover?

GHSA-vgrw-7cvw-pwgx covers the following CVE IDs: CVE-2025-2999. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-vgrw-7cvw-pwgx?

GHSA-vgrw-7cvw-pwgx has a CVSS v3 base score of 5.3, published by GitHub Security Advisories.

Which products are affected by GHSA-vgrw-7cvw-pwgx?

GHSA-vgrw-7cvw-pwgx affects 1 product, including: pip/torch:\u003c 2.9.1.

GHSA-vgrw-7cvw-pwgxMediumCVSS 5.3

PyTorch is vulnerable to memory corruption through its unpack_sequence function

Vendor

GitHub Security Advisories

Published

March 31, 2025

Last Modified

June 10, 2026

🔗 CVE IDs covered (1)

CVE-2025-2999 →

📋 Description

A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

A patch is available through commit 4945180.

🎯 Affected products1

pip/torch:< 2.9.1

🔗 References (9)

https://nvd.nist.gov/vuln/detail/CVE-2025-2999
https://github.com/pytorch/pytorch/issues/149622
https://github.com/pytorch/pytorch/issues/149622#issue-2935495265
https://vuldb.com/?ctiid.302048
https://vuldb.com/?id.302048
https://vuldb.com/?submit.524198
https://github.com/pytorch/pytorch/commit/494518046816d29099b7d056a74ffa5c244fdcdd
https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-193.yaml
https://github.com/advisories/GHSA-vgrw-7cvw-pwgx