CVE-2025-46148 — MEDIUM (CVSS 5.3) AI Security Vulnerability

CISO Take

PyTorch's nn.PairwiseDistance(p=2) silently returns wrong results in eager mode (the default) through v2.6.0, with no exception raised. Any pipeline using Euclidean distance for authentication, anomaly detection, or similarity search may produce silently wrong decisions. Audit affected systems immediately and pin upgrades to a patched release once available; as an interim workaround replace calls with torch.cdist or a manual L2 implementation.

Risk Assessment

Medium risk, but deceptive: the CVSS vector (AV:N/AC:L/PR:N/UI:N) means any remote caller can trigger the faulty code path with no privileges, and the silent nature of the miscalculation is the real danger. Systems will continue operating while producing wrong distance outputs, making this harder to detect than a crash. Highest risk is in distance-based security controls (biometric verification, similarity-based fraud detection, anomaly detection thresholds) where a wrong distance value can flip a binary allow/deny decision.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
pytorch	pip	—	No patch
99.6K OpenSSF 6.4 21.7K dependents Pushed 6d ago 8% patched ~142d to patch Full package profile →

Do you use pytorch? You're affected.

Severity & Risk

CVSS 3.1

5.3 / 10

EPSS

0.1%

chance of exploitation in 30 days

Higher than 18% of all CVEs

Source: EPSS v3 — FIRST.org

Exploitation Status

No known exploitation

Sophistication

Moderate

Attack Surface

AV Network

AC Low

PR None

UI None

S Unchanged

C Low

I None

A None

Recommended Action

5 steps

PATCH

Upgrade PyTorch once a fixed release beyond 2.6.0 is available; track https://github.com/pytorch/pytorch/pull/152993 for merge status.
WORKAROUND (immediate): Replace nn.PairwiseDistance(p=2) with torch.cdist(a.unsqueeze(0), b.unsqueeze(0), p=2) or an explicit manual sqrt(((a-b)**2).sum(dim=-1)); both produce correct results.
AUDIT

Search codebase for all usages of nn.PairwiseDistance; flag any use in security-critical decision paths (auth, fraud, anomaly detection).
DETECT

Add regression tests asserting nn.PairwiseDistance output equals torch.cdist output for the same inputs; CI will catch regressions on upgrade.
VALIDATE

For deployed models, run shadow comparison of old vs. workaround output on production traffic to assess decision drift.

CISA SSVC Assessment

Decision Track

Exploitation none

Automatable No

Technical Impact partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

Classification

Adversarial Examples Auth Bypass Framework Inference AML.T0001 - Search Open AI Vulnerability Analysis AML.T0010.001 - AI Software AML.T0015 - Evade AI Model AML.T0043.003 - Manual Modification

Compliance Impact

This CVE is relevant to:

EU AI Act

Article 15 - Accuracy, robustness and cybersecurity of high-risk AI systems

ISO 42001

8.4 - AI system performance and accuracy

NIST AI RMF

MEASURE 2.5 - AI system performance and effectiveness

OWASP LLM Top 10

LLM05:2025 - Improper Output Handling

Frequently Asked Questions

What is CVE-2025-46148?

PyTorch's nn.PairwiseDistance(p=2) silently returns wrong results in eager mode (the default) through v2.6.0, with no exception raised. Any pipeline using Euclidean distance for authentication, anomaly detection, or similarity search may produce silently wrong decisions. Audit affected systems immediately and pin upgrades to a patched release once available; as an interim workaround replace calls with torch.cdist or a manual L2 implementation.

Is CVE-2025-46148 actively exploited?

No confirmed active exploitation of CVE-2025-46148 has been reported, but organizations should still patch proactively.

How to fix CVE-2025-46148?

1. PATCH: Upgrade PyTorch once a fixed release beyond 2.6.0 is available; track https://github.com/pytorch/pytorch/pull/152993 for merge status. 2. WORKAROUND (immediate): Replace nn.PairwiseDistance(p=2) with torch.cdist(a.unsqueeze(0), b.unsqueeze(0), p=2) or an explicit manual sqrt(((a-b)**2).sum(dim=-1)); both produce correct results. 3. AUDIT: Search codebase for all usages of nn.PairwiseDistance; flag any use in security-critical decision paths (auth, fraud, anomaly detection). 4. DETECT: Add regression tests asserting nn.PairwiseDistance output equals torch.cdist output for the same inputs; CI will catch regressions on upgrade. 5. VALIDATE: For deployed models, run shadow comparison of old vs. workaround output on production traffic to assess decision drift.

What systems are affected by CVE-2025-46148?

This vulnerability affects the following AI/ML architecture patterns: embedding similarity pipelines, biometric authentication systems, anomaly detection models, metric learning / Siamese networks, recommendation systems, training pipelines using contrastive loss.

What is the CVSS score for CVE-2025-46148?

CVE-2025-46148 has a CVSS v3.1 base score of 5.3 (MEDIUM). The EPSS exploitation probability is 0.06%.

Technical Details

NVD Description

In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.

Exploitation Scenario

An adversary who knows about the miscalculation behavior (publicly documented in the GitHub issue and gist PoCs) targets a biometric authentication API backed by a PyTorch similarity model using nn.PairwiseDistance(p=2) in eager mode. They probe the API to characterize the gap between correct and incorrect distance values, then craft a facial embedding vector that the buggy implementation computes as within the acceptance threshold while the true L2 distance would reject it. Because no exception is raised and the system logs a normal 'accepted' decision, the bypass goes undetected. The same technique applies to anomaly detection systems where a malicious payload embedding is crafted to appear 'normal' under the faulty distance metric.