Skip to main content

Pytorch CVE-2025-63396

LOW
Improper Locking (CWE-667)
2025-11-12 cve@mitre.org
3.3
CVSS 3.1 · Vendor: mitre

Severity by source

Vendor (mitre) PRIMARY
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 19:21 vuln.today
PoC Detected
Jan 02, 2026 - 20:54 vuln.today
Public exploit code
CVE Published
Nov 12, 2025 - 21:15 nvd
LOW 3.3

DescriptionCVE.org

An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS).

AnalysisAI

An issue was discovered in PyTorch v2.5 and v2.7.1. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-667. An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS). Affected products include: Linuxfoundation Pytorch.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-1945 CRITICAL POC
9.8 Mar 10

PickleScan before 0.0.23 can be bypassed by flipping specific ZIP file header flag bits, allowing malicious pickle files

CVE-2024-48063 CRITICAL POC
9.8 Oct 29

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2022-45907 CRITICAL POC
9.8 Nov 26

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is

CVE-2026-24747 HIGH POC
8.8 Jan 27

PyTorch is a Python package that provides tensor computation. [CVSS 8.8 HIGH]

CVE-2024-8020 HIGH POC
7.5 Mar 20

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sendi

CVE-2025-1944 MEDIUM POC
6.5 Mar 10

picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to e

CVE-2025-32434 CRITICAL POC
9.3 Apr 18

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built

CVE-2025-33244 CRITICAL
9.0 Mar 24

NVIDIA APEX for Linux contains a deserialization of untrusted data vulnerability that affects environments using PyTorch

CVE-2025-2953 MEDIUM POC
4.8 Mar 30

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Rated medium severity (CVSS

CVE-2025-3136 MEDIUM POC
4.8 Apr 03

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0.cuda.memory.caching_allocator_dele

CVE-2025-3121 MEDIUM POC
4.8 Apr 02

A vulnerability classified as problematic has been found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulner

CVE-2025-3730 MEDIUM POC
4.8 Apr 16

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this

Share

CVE-2025-63396 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy