CVE-2025-46152

MEDIUM
2025-09-25 [email protected]
5.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 19:14 vuln.today
Patch Released
Mar 28, 2026 - 19:14 nvd
Patch available
CVE Published
Sep 25, 2025 - 15:16 nvd
MEDIUM 5.3

Tags

Memory Corruption Buffer Overflow Pytorch AI / ML Redhat

Description

In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.

Analysis

In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Technical Context

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument. Affected products include: Linuxfoundation Pytorch. Version information: before 2.7.0.

Affected Products

Linuxfoundation Pytorch.

Remediation

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

Priority Score

27
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +26
POC: 0

Vendor Status

Share

CVE-2025-46152 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy