
Python libraries used in top AI and ML tools hacked - Nvidia, Salesforce and other libraries all at risk

By Sead Fadilpašić, published 14 January 2026

The bugs have been fixed, so users should patch now

  • Palo Alto found critical flaws in AI/ML libraries NeMo, Uni2TS, and FlexTok
  • Vulnerabilities allowed arbitrary code execution via malicious model metadata
  • All patched by mid-2025; no exploitation observed as of December 2025

Security researchers from Palo Alto Networks have discovered vulnerabilities in libraries used by some top artificial intelligence (AI) and machine learning (ML) tools which, if abused, could allow threat actors to remotely execute malicious code on target endpoints.

In a security advisory, the researchers said that around April 2025, they discovered bugs in three open source Python libraries published by Apple, Salesforce, and NVIDIA, on their GitHub repositories.

The libraries are called NeMo, Uni2TS, and FlexTok. NeMo is a PyTorch-based framework for research, Uni2TS is a PyTorch library for research used by Salesforce’s Moirai, and FlexTok is a Python-based framework for research that enables AI and ML models to process images. Cumulatively, they have more than 10 million downloads on HuggingFace (a platform that hosts open-source AI models and other tools).


Bugs fixed

“The vulnerabilities stem from libraries using metadata to configure complex models and pipelines, where a shared third-party library instantiates classes using this metadata,” Palo Alto explained in its advisory.

“Vulnerable versions of these libraries simply execute the provided data as code. This allows an attacker to embed arbitrary code in model metadata, which would automatically execute when vulnerable libraries load these modified models.”
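A minimal sketch of the pattern the advisory describes, added here as an illustration and not code from NeMo, Uni2TS, FlexTok or Palo Alto: a loader that calls whatever dotted path the metadata names, next to an allowlisted version and an audit pass. The `_target_` key, the function names and the sample metadata are assumptions constructed for this example.

```python
import importlib

# Constructed model metadata (not from any real model). The "_target_" key
# holding a dotted import path is an assumed convention for this sketch.
BENIGN_META = {"_target_": "collections.OrderedDict", "args": [[("layers", 4)]]}
# A tampered file only has to name a different callable; a harmless one is used here.
TAMPERED_META = {"_target_": "os.getcwd", "args": []}

def resolve(path):
    """Import 'pkg.mod.name' and return the attribute it names."""
    module_name, _, attr = path.rpartition(".")
    return getattr(importlib.import_module(module_name), attr)

def naive_instantiate(meta):
    """Vulnerable pattern: whatever callable the metadata names gets called."""
    return resolve(meta["_target_"])(*meta.get("args", []))

# Hardened pattern: only explicitly approved targets may be constructed.
ALLOWED_TARGETS = frozenset({"collections.OrderedDict"})

def safe_instantiate(meta, allowed=ALLOWED_TARGETS):
    """Check the target against the allowlist before importing anything."""
    target = meta.get("_target_")
    if not isinstance(target, str) or target not in allowed:
        raise ValueError(f"refusing to instantiate untrusted target: {target!r}")
    return resolve(target)(*meta.get("args", []))

def audit(meta, allowed=ALLOWED_TARGETS):
    """Walk nested metadata and list every target outside the allowlist."""
    found = []
    if isinstance(meta, dict):
        t = meta.get("_target_")
        if t is not None and (not isinstance(t, str) or t not in allowed):
            found.append(t)
        for value in meta.values():
            found.extend(audit(value, allowed))
    elif isinstance(meta, list):
        for value in meta:
            found.extend(audit(value, allowed))
    return found

if __name__ == "__main__":
    print(naive_instantiate(BENIGN_META))          # the intended object
    print(type(naive_instantiate(TAMPERED_META)))  # the loader ran what the file chose
    print(audit({"model": BENIGN_META, "opt": [TAMPERED_META]}))
```

Running `audit` over metadata before any load step gives a cheap pre-check for model files pulled from a public hub.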

All three developers were notified in April 2025, and all of the bugs were fixed by the end of July. NVIDIA issued CVE-2025-23304, gave it a high severity rating (7.8/10), and released a fix in NeMo 2.3.2. FlexTok updated its code in June 2025, while Salesforce issued CVE-2026-22584, gave it a critical rating (9.8/10), and fixed it in July 2025.

Palo Alto says that as of December 2025, there is no evidence that these vulnerabilities are being abused in the wild. All of the bugs were discovered by the company’s Prisma AIRS tool.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
