Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-55557

A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).

Published

2025-09-25T16:15:34.833

Last Modified

2025-10-03T18:07:23.250

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-248

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	linuxfoundation	pytorch	≤ 2.7.0	Yes

References

https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc Third Party Advisory ([email protected])
https://github.com/pytorch/pytorch/issues/151738 Issue Tracking ([email protected])
https://github.com/pytorch/pytorch/pull/151931 Issue Tracking, Patch ([email protected])
https://github.com/pytorch/pytorch/issues/151738 Issue Tracking (134c704f-9b21-4f2e-91b3-4a467353bcc0)