Skip to main content

Pytorch CVE-2025-55554

MEDIUM
Integer Overflow or Wraparound (CWE-190)
2025-09-25 cve@mitre.org
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
SUSE
MEDIUM
qualitative
Red Hat
4.0 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:14 vuln.today
CVE Published
Sep 25, 2025 - 16:15 nvd
MEDIUM 5.3

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 55 pypi packages depend on torch (44 direct, 12 indirect)

Ecosystem-wide dependent count for version 2.9.0.

DescriptionCVE.org

pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().

AnalysisAI

pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). Affected products include: Linuxfoundation Pytorch.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

CVE-2025-1945 CRITICAL POC
9.8 Mar 10

PickleScan before 0.0.23 can be bypassed by flipping specific ZIP file header flag bits, allowing malicious pickle files

CVE-2024-48063 CRITICAL POC
9.8 Oct 29

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2022-45907 CRITICAL POC
9.8 Nov 26

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is

CVE-2026-24747 HIGH POC
8.8 Jan 27

PyTorch is a Python package that provides tensor computation. [CVSS 8.8 HIGH]

CVE-2024-8020 HIGH POC
7.5 Mar 20

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sendi

CVE-2025-1944 MEDIUM POC
6.5 Mar 10

picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to e

CVE-2025-32434 CRITICAL POC
9.3 Apr 18

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built

CVE-2025-33244 CRITICAL
9.0 Mar 24

NVIDIA APEX for Linux contains a deserialization of untrusted data vulnerability that affects environments using PyTorch

CVE-2025-2953 MEDIUM POC
4.8 Mar 30

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Rated medium severity (CVSS

CVE-2025-3136 MEDIUM POC
4.8 Apr 03

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0.cuda.memory.caching_allocator_dele

CVE-2025-3121 MEDIUM POC
4.8 Apr 02

A vulnerability classified as problematic has been found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulner

CVE-2025-3730 MEDIUM POC
4.8 Apr 16

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this

Vendor StatusVendor

SUSE

Severity: Medium

Share

CVE-2025-55554 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy