CVE-2025-55556
CVE-2025-55556 is a medium-severity vulnerability in Google Tensorflow with a CVSS 3.x base score of 6.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-506.
Key facts
- Severity: Medium (CVSS 3.x base score 6.5)
- EPSS exploit prediction: 0% (6th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-31129
- Weakness: CWE-506
- Affected product: Google Tensorflow
- Published:
- Last modified:
Description
TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application.
Frequently asked questions
- What is CVE-2025-55556?
- TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application.
- How severe is CVE-2025-55556?
- CVE-2025-55556 has a CVSS 3.x base score of 6.5, rated medium severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity low, and availability low.
- Is CVE-2025-55556 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (6th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2025-55556?
- CVE-2025-55556 affects Google Tensorflow. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2025-55556?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-55556 have an EU (EUVD) identifier?
- Yes. CVE-2025-55556 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-31129.
- When was CVE-2025-55556 published?
- CVE-2025-55556 was published on 2025-09-25 and last updated on 2026-06-17.
References
- https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
- https://github.com/tensorflow/tensorflow/issues/82317
Affected products (1)
- cpe:2.3:a:google:tensorflow:2.18.0:*:*:*:-:*:*:*
More vulnerabilities in Google Tensorflow
- CVE-2023-25668 — Critical (CVSS 9.8): TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can…
- CVE-2018-7575 — Critical (CVSS 9.8): Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is…
- CVE-2021-37678 — Critical (CVSS 9.3): TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be…
- CVE-2021-35958 — Critical (CVSS 9.1): TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when…
- CVE-2020-15206 — Critical (CVSS 9.0): In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol…
- CVE-2020-15205 — Critical (CVSS 9.0): In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of…
All CVEs affecting Google Tensorflow →
Other CWE-506 vulnerabilities
- CVE-2026-28353 — Critical (CVSS 10.0): Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. In Trivy VSCode Extension version…
- CVE-2024-3094 — Critical (CVSS 10.0): Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of…
- CVE-2026-48027 — Critical (CVSS 9.8): Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was…
- CVE-2026-8398 — Critical (CVSS 9.8): A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421…
- CVE-2026-44484 — Critical (CVSS 9.8): PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have…
- CVE-2026-6443 — Critical (CVSS 9.8): All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to…