Denial of Service Vulnerability in PyTorch Inductor Compilation
CVE-2025-55557

7.5HIGH

Key Information:

Vendor: PyTorch
Status: PyTorch
Vendor: CVE Published:; 25 September 2025

What is CVE-2025-55557?

A vulnerability exists in PyTorch v2.7.0 related to a Name Error that occurs during the Inductor compilation of a model utilizing the torch.cummin function. This issue can result in Denial of Service (DoS), rendering the application inoperable under specific conditions. Users should take caution when deploying models using this configuration until a patch is provided.

References

https://github.com/pytorch/pytorch/issues/151738

https://github.com/pytorch/pytorch/pull/151931

https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 25, 2025
Vulnerability Reserved
Aug 13, 2025

JSON