- Palo Alto found critical flaws in AI/ML libraries NeMo, Uni2TS and FlexTok
- Vulnerabilities allowed arbitrary code execution via malicious model metadata
- All fixed by mid-2025; no exploitation observed as of December 2025
Security researchers at Palo Alto Networks have discovered vulnerabilities in some leading artificial intelligence (AI) and machine learning (ML) tools that, if abused, could allow malicious actors to remotely execute malicious code on target endpoints.
In a security advisory, the researchers said that around April 2025, they discovered bugs in three open source Python libraries released by Apple, Salesforce and NVIDIA, on their GitHub repositories.
The libraries are called NeMo, Uni2TS and FlexTok. NeMo is a PyTorch-based search framework, Uni2TS is a PyTorch search library used by Salesforce’s Moirai, and FlexTok is a Python-based search framework that allows AI and ML models to process images. In total, they have more than 10 million downloads on Hugging Face (a platform that hosts open source AI models and other tools).
Bugs fixed
“The vulnerabilities arise from libraries using metadata to configure complex models and pipelines, where a shared third-party library instantiates classes using this metadata,” Palo Alto explained in its advisory.
“The vulnerable versions of these libraries simply execute the data provided as code. This allows an attacker to embed arbitrary code in the model metadata, which would automatically execute when the vulnerable libraries load these modified models.”
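The bug class described in the advisory, shown as an added example that is not code from Palo Alto Networks, NeMo, Uni2TS or FlexTok: a loader that resolves a dotted `target` path from model metadata into an imported callable, next to a hardened loader that only instantiates components from an explicit allowlist and only accepts plain data as parameters. The metadata keys (`target`, `params`) and the `heads.LinearHead` registry entry are assumptions.

```python
"""Allowlist-based instantiation of model components from metadata.
Added example, not code from Palo Alto Networks, NeMo, Uni2TS or FlexTok;
the metadata keys ('target', 'params') and the registry are assumptions."""
import importlib
from collections.abc import Mapping
from typing import Any

class LinearHead:  # constructed sample component that metadata may build
    def __init__(self, in_features: int, out_features: int) -> None:
        self.in_features = in_features
        self.out_features = out_features

# Explicit registry: only these names may ever be instantiated from metadata.
ALLOWED_TARGETS: dict[str, type] = {"heads.LinearHead": LinearHead}
PLAIN_TYPES = (str, int, float, bool, type(None))

def instantiate_unsafe(meta: Mapping[str, Any]) -> Any:
    """Vulnerable pattern the advisory describes: any dotted path in the
    metadata is imported and called, so the metadata author chooses the code."""
    module_name, _, attr = meta["target"].rpartition(".")
    return getattr(importlib.import_module(module_name), attr)(**meta.get("params", {}))

def _check_plain(value: Any) -> None:
    """Params must be JSON-like data: no objects and no nested 'target' keys."""
    if isinstance(value, (list, tuple)):
        for item in value:
            _check_plain(item)
    elif isinstance(value, Mapping):
        for key, item in value.items():
            if key == "target":
                raise ValueError("nested 'target' in params is not allowed")
            _check_plain(item)
    elif not isinstance(value, PLAIN_TYPES):
        raise ValueError(f"non-plain parameter: {type(value).__name__}")

def instantiate_safe(meta: Mapping[str, Any]) -> Any:
    """Hardened loader: the target must be registered and params must be plain
    data, so metadata can select a known component but cannot supply code."""
    target = meta.get("target")
    if not isinstance(target, str) or target not in ALLOWED_TARGETS:
        raise ValueError(f"target not in allowlist: {target!r}")
    params = meta.get("params", {})
    _check_plain(params)
    return ALLOWED_TARGETS[target](**params)

def is_rejected(meta: Mapping[str, Any]) -> bool:  # True if the hardened loader refuses meta
    try:
        instantiate_safe(meta)
        return False
    except ValueError:
        return True
```

The same metadata that the unsafe loader happily resolves to an arbitrary import is refused by the hardened one, which is the check to look for when reviewing any metadata-driven instantiation code.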
All three developers were notified in April 2025, and all three libraries were fixed by the end of July. NVIDIA assigned CVE-2025-23304 with a high severity rating (7.8/10) and released a patch in NeMo 2.3.2. FlexTok updated its code in June 2025, while Salesforce issued CVE-2026-22584 with a critical rating (9.8/10) and fixed it in July 2025.
Palo Alto says that, as of December 2025, there is no evidence of these vulnerabilities being exploited in the wild. All the bugs were discovered using the company’s Prisma AIRS tool.