Skip to main content

Pytorch CVE-2025-55551

HIGH
Uncontrolled Resource Consumption (CWE-400)
2025-09-25 cve@mitre.org
High
Disputed · 7.5 NVD
Share

Severity by source

Sources disagree (Low–High)
NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Red Hat
2.5 LOW
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:14 vuln.today
CVE Published
Sep 25, 2025 - 15:16 nvd
HIGH 7.5

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 55 pypi packages depend on torch (44 direct, 12 indirect)

Ecosystem-wide dependent count for version 2.9.0.

DescriptionCVE.org

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.

AnalysisAI

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. Affected products include: Linuxfoundation Pytorch.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.

CVE-2025-1945 CRITICAL POC
9.8 Mar 10

PickleScan before 0.0.23 can be bypassed by flipping specific ZIP file header flag bits, allowing malicious pickle files

CVE-2024-48063 CRITICAL POC
9.8 Oct 29

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2022-45907 CRITICAL POC
9.8 Nov 26

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is

CVE-2026-24747 HIGH POC
8.8 Jan 27

PyTorch is a Python package that provides tensor computation. [CVSS 8.8 HIGH]

CVE-2024-8020 HIGH POC
7.5 Mar 20

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sendi

CVE-2025-1944 MEDIUM POC
6.5 Mar 10

picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to e

CVE-2025-32434 CRITICAL POC
9.3 Apr 18

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built

CVE-2025-33244 CRITICAL
9.0 Mar 24

NVIDIA APEX for Linux contains a deserialization of untrusted data vulnerability that affects environments using PyTorch

CVE-2025-2953 MEDIUM POC
4.8 Mar 30

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Rated medium severity (CVSS

CVE-2025-3136 MEDIUM POC
4.8 Apr 03

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0.cuda.memory.caching_allocator_dele

CVE-2025-3121 MEDIUM POC
4.8 Apr 02

A vulnerability classified as problematic has been found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulner

CVE-2025-3730 MEDIUM POC
4.8 Apr 16

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this

Vendor StatusVendor

Share

CVE-2025-55551 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy