Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-3730

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns to use unknown models which might establish malicious effects.

Published

2025-04-16T21:15:48.700

Last Modified

2025-05-28T17:35:54.080

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:S/C:N/I:N/A:P

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

3.1

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-404
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application linuxfoundation pytorch 2.6.0 Yes
References