- Palo Alto found critical bugs in the AI/ML libraries NeMo, Uni2TS and FlexTok
- Vulnerabilities allowed arbitrary code execution via malicious model metadata
- All fixed by mid-2025; no utilization observed in December 2025
Security researchers from Palo Alto Networks have discovered vulnerabilities used in some top artificial intelligence (AI) and machine learning (ML) tools that, if exploited, could allow threat actors to execute malicious code on measurement endpoints remotely.
In a security advisory, the researchers said that around April 2025, they discovered bugs in three open source Python libraries published by Apple, Salesforce and NVIDIA on their GitHub repositories.
The libraries are called NeMo, Uni2TS and FlexTok. NeMo is a PyTorch-based framework for research, Uni2TS a PyTorch library for research used by Salesforce’s Morai, and FlexTok is a Python-based framework for research that enables AL and ML models to process images. Cumulatively, they have more than 10 million downloads on HuggingFace (a platform that hosts open source AI models and other tools).
Bug fixed
“The vulnerabilities originate from libraries that use metadata to configure complex models and pipelines, where a shared third-party library instantiates classes using that metadata,” Palo Alto explained in its advisory.
“Vulnerable versions of these libraries simply execute the supplied data as code. This allows an attacker to embed arbitrary code in model metadata that will automatically run when vulnerable libraries load these modified models.”
All three developers were notified in April 2025, and by the end of July all had been fixed. NVIDIA issued CVE-2025-23304 and gave it a high severity rating (7.8/10) and released a fix in NeMo 2.3.2. FlexTok updated its code in June 2025, while Salesforce issued CVE-2026-22584, gave it a critical rating (9.8/10), and fixed it in July 2025.
Palo Alto says that as of December 2025, there is no evidence that these vulnerabilities are being exploited in the wild. All of the errors were detected by the company’s Prisma AIRS tool.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
