- Palo Alto discovered essential flaws in AI/ML libraries NeMo, Uni2TS, and FlexTok
- Vulnerabilities allowed arbitrary code execution by way of malicious mannequin metadata
- All patched by mid-2025; no exploitation noticed as of December 2025
Safety researchers from Palo Alto Networks have found vulnerabilities utilized in some high Synthetic Intelligence (AI) and machine Studying (ML) instruments which, if abused, may enable risk actors to execute malicious code on course endpoints, remotely.
In a safety advisory, the researchers mentioned that round April 2025, they found bugs in three open supply Python libraries revealed by Apple, Salesforce, and NVIDIA, on their GitHub repositories.
The libraries are known as NeMo, Uni2TS, and FlexTok. NeMo is a PyTorch-based framework for analysis, Uni2TS a PyTorch library for analysis utilized by Salesforce’s Morai, and FlexTok is a Python-based framework for analysis, enabling AL and ML fashions to course of photos. Cumulatively, they’ve greater than 10 million downloads on HuggingFace (a platform that hosts open-source AI fashions and different instruments).
Bugs fastened
“The vulnerabilities stem from libraries utilizing metadata to configure advanced fashions and pipelines, the place a shared third-party library instantiates courses utilizing this metadata,” Palo Alto defined in its advisory.
“Susceptible variations of those libraries merely execute the supplied information as code. This permits an attacker to embed arbitrary code in mannequin metadata, which might routinely execute when weak libraries load these modified fashions.”
All three builders have been notified in April 2025, and by the top of July, all have been fastened. NVIDIA issued CVE-2025-23304 and gave it a excessive severity ranking (7.8/10) and launched a repair in NeMo 2.3.2. FlexTok up to date its code in June 2025, whereas Salesforce issued CVE-2026-22584, gave it a essential ranking (9.8/10), and stuck it in July 2025.
Palo Alto says that as of December 2025, there isn’t any proof that these vulnerabilities are being abused within the wild. The entire bugs have been found by the corporate’s Prisma AIRS instrument.
One of the best antivirus for all budgets
Comply with TechRadar on Google Information and add us as a most well-liked supply to get our skilled information, critiques, and opinion in your feeds. Be sure that to click on the Comply with button!
And naturally you may as well comply with TechRadar on TikTok for information, critiques, unboxings in video type, and get common updates from us on WhatsApp too.
