
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability (CVE-2025-3121) has been identified in PyTorch version 2.6.0, specifically affecting the function torch.jit.jit_module_from_flatbuffer. It was discovered and disclosed on April 2, 2025, and is classified as a memory corruption issue. Exploitation requires local access, and the vulnerability has been publicly disclosed (NVD CVE, VulDB Report).
The vulnerability is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), where the product performs operations on a memory buffer but can read from or write to memory locations outside the intended boundary. The vulnerability has received a CVSS v3.1 base score of 3.3 (LOW) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L, and a CVSS v4.0 score of 4.8 (MEDIUM) (NVD CVE).
The vulnerability primarily impacts system availability through memory corruption. Exploitation causes a segmentation fault during an attempt to load and execute a model saved in Flatbuffer format. The issue manifests when the torch.jit.jit_module_from_flatbuffer function is used with certain model configurations (GitHub Issue).
Currently, there are no official patches or mitigations available for this vulnerability. The recommended approach is to consider replacing the affected functionality with alternative implementations until a fix is released (VulDB Report).
Source: This report was generated using AI