Critical Vulnerabilities in PyTorch and Wazuh (CVE-2025-24357, CVE-2025-24016)

Published: Apr 26, 2025 23:29

Advisory No: TZCERT-SA-25-0091

Source: GitHub

Software Affected: PyTorch, Wazuh

Overview

Two critical vulnerabilities affect PyTorch and Wazuh. Exploitation of these vulnerabilities may allow an attacker to execute code remotely.

Description

PyTorch and Wazuh are affected by vulnerabilities tracked as CVE-2025-24357 and CVE-2025-24016, with CVSS scores of 9.8 and 9.9. The vulnerability arises when an attacker injects an unsanitized dictionary into a DAPI request/response and forges an unhandled exception (__unhandled_exc__) so that arbitrary Python code is evaluated. Upon successful exploitation, the vulnerabilities allow attackers to achieve remote code execution on Wazuh servers.
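
How a decoder can handle the __unhandled_exc__ marker without evaluating anything taken from the request, together with a check that flags the marker in decoded JSON. This is an added example, not Wazuh's code and not part of the advisory; the `__class__`/`__args__` field names, the allowlist and the sample payloads are assumptions constructed for illustration.

```python
import json

MARKER = "__unhandled_exc__"
# Assumed wire shape (illustrative): {MARKER: {"__class__": "<name>", "__args__": [...]}}
ALLOWED_EXCEPTIONS = {"ValueError": ValueError, "KeyError": KeyError,
                      "TimeoutError": TimeoutError}

# Constructed sample payloads, not captured traffic.
SAMPLE_ALLOWED = ('{"result": {"__unhandled_exc__": '
                  '{"__class__": "ValueError", "__args__": ["bad input"]}}}')
SAMPLE_REJECTED = ('{"__unhandled_exc__": '
                   '{"__class__": "NotOnAllowlist", "__args__": ["x"]}}')
SAMPLE_PLAIN = '{"agents": [{"id": "001", "status": "active"}]}'


class RejectedPayload(Exception):
    """The payload asked for an exception type or argument we do not rebuild."""


def safe_object_hook(obj):
    """Rebuild a serialized exception by allowlist lookup, never by eval()."""
    if MARKER not in obj:
        return obj
    spec = obj[MARKER]
    if not isinstance(spec, dict):
        raise RejectedPayload("malformed exception marker")
    name, args = spec.get("__class__"), spec.get("__args__", [])
    exc_type = ALLOWED_EXCEPTIONS.get(name) if isinstance(name, str) else None
    if exc_type is None or not isinstance(args, list):
        raise RejectedPayload(f"exception class not allowed: {name!r}")
    if not all(isinstance(a, (str, int, float, bool, type(None))) for a in args):
        raise RejectedPayload("non-scalar exception argument")
    return exc_type(*args)


def decode(raw):
    """Decode a request/response body with the hardened hook."""
    return json.loads(raw, object_hook=safe_object_hook)


def contains_marker(node):
    """Detection helper: True if the marker key appears anywhere in decoded JSON."""
    if isinstance(node, dict):
        return MARKER in node or any(contains_marker(v) for v in node.values())
    if isinstance(node, list):
        return any(contains_marker(v) for v in node)
    return False


def scan(raw):
    """Flag a raw JSON body that carries the marker at any nesting depth."""
    return contains_marker(json.loads(raw))
```

A body arriving from an untrusted caller that makes `scan()` return True is worth logging and rejecting before it reaches any decoder.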

Impact

Successful exploitation of these vulnerabilities may allow attackers to take control of the affected system.

Solution

PyTorch and Wazuh have released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.
